Google has updated the stable channel of Chrome to 25.0.1364.152. The latest release addresses ten vulnerabilities, including 6 high-severity issues.Two of the high-severity security holes – a use-after-free with SVG animations, and a memory corruption in Web Audio – have been identified by Atte Kettunen of OUSPG. For his findings, Google has awarded the researcher with $3,000 (2,300 EUR).
Other high-severity security flaws include a use-after-free in frame loader discovered by Chamal de Silva, and a use-after-free in browser navigation handling found by “chromium.khalil.”
Jüri Aedla, of the Google Chrome Security Team, has uncovered a possible path traversal in database handling and a memory corruption in Indexed DB, both being assessed as being high-risk vulnerabilities.
In addition to these security holes, three medium-severity issues have also been found by members of the Google Chrome Security Team and the Chromium development community.
Russian security expert Egor Homakov has reported a referer leakage with XSS Auditor.
Chrome for Windows is available for download here
Chrome for Mac is available for download here
Chrome for Linux is available for download here