14 DAY TRIAL // The latest stable version of the popular Google Chrome web browser has been updated to the 17.0.963.56 version to address a total of 13 security holes, 7 of which were considered to be high risk.
These high-risk vulnerabilities include an integer overflow in PDF codecs, a possible user-after-free in database handling, a heap overflow in path rendering, a heap buffer overflow in MKV handling, a use-after-free issue in subframe loading, an integer overflow in libpng, and a bad cast in column handling.
The individuals who contributed to these findings were awarded a total of $5,337 (3,735 EUR).
The identification of the 5 medium severity vulnerabilities was rewarded by Google with $1,500 (1050 EUR). These weaknesses include a read-after-free with counter nodes, a native client validator error, the inappropriate use of HTTP for translation scripts, a use-after-free issue with drag and drop, and an out of bounds reads in h.264 parsing.
The low-risk security hole identified by chrometot refers to a browser crash with empty x509 certificates.
Other contributors include Jüri Aedla, Sławomir Błażek, pa_kt, Arthur Gerkis, Aki Helin of OUSPG, and miaubiz. Scarybeasts from the Google Chrome Security Team, and Mateusz Jurczyk of the Google Security Team also contributed.
Chrome 17.0.963.56 for Windows, Mac, Linux and Chrome Frame also includes a new version of Flash, released to address a number of vulnerabilities, including a cross-site scripting (XSS) flaw that is currently being exploited.
Google Chrome 17.0.963.56 for Windows is available for download here. Google Chrome 17.0.963.56 for Mac is available for download here. Google Chrome 17.0.963.56 for Linux is available for download here.