6 High-Severity Vulnerabilities Fixed with the Release of Chrome 25.0.1364.152

A total of 10 security holes have been addressed by Google

March 5th, 2013 08:29 GMT

Google has updated the stable channel of Chrome to 25.0.1364.152. The latest release addresses ten vulnerabilities, including 6 high-severity issues.

Two of the high-severity security holes – a use-after-free with SVG animations, and a memory corruption in Web Audio – have been identified by Atte Kettunen of OUSPG. For his findings, Google has awarded the researcher $3,000 (2,300 EUR).

Other high-severity security flaws include a use-after-free in the frame loader discovered by Chamal de Silva, and a use-after-free in browser navigation handling found by “chromium.khalil.”

Jüri Aedla, of the Google Chrome Security Team, has uncovered a possible path traversal in database handling and a memory corruption in Indexed DB, both assessed as high-risk vulnerabilities.

In addition to these security holes, three medium-severity issues have also been found by members of the Google Chrome Security Team and the Chromium development community.

Russian security expert Egor Homakov has reported a referer leakage with XSS Auditor.
