Critical Race Condition Flaw Fixed in Chrome 22

Atte Kettunen of OUSPG got $3,133.7 (around 2,500 EUR) for finding it

By on October 9th, 2012 11:07 GMT

Google has updated the Stable channel of Chrome to 22.0.1229.92 on all platforms. Although only 5 security holes have been addressed with this release, one of them has been catalogued as being critical.

The critical security hole – discovered by Atte Kettunen of OUSPG – was a race condition in audio device handling. For his findings, the researcher was rewarded with a leet prize of $3,133.7 (around 2,500 EUR).

Kettunen was awarded an additional $1,000 (800 EUR) for identifying a high-severity flaw caused by a crash in Skia text rendering.

Arthur Gerkis received $500 (400 EUR) for a medium-severity OOB read in ICU regex bug and Inferno of the Google Chrome Security Team got a pat on the back (or whatever these guys get) for locating an out-of-bounds read in compositor.

Finally, Chris Evans of the Google Chrome Security Team noticed that the plug-in crash monitor was missing for Pepper plug-ins.

Google Chrome is available for download here
Google fixes critical race condition flaw in Chrome 22
   Google fixes critical race condition flaw in Chrome 22
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments