Softpedia
 


August 20th, 2010, 08:05 GMT · By

Critical and High Vulnerabilities Patched in Chrome

Chrome stable updated to 5.0.375.127
Google has released new security updates through the Chrome stable channel in order to address several critical and high risk vulnerabilities, two of which were rewarded with special $1,337 prizes.

The new 5.0.375.127 update is still silently being pushed to users, so details about some of the fixed bugs were temporarily withheld from the general public for security reasons.

Nevertheless, Google lists two critical, six high and one moderate flaws in an announcement on its Chrome Releases blog.

Both critical issues, described as a "memory corruption with file dialog" and a "crash on shutdown due to notifications bug," were discovered by a security researcher named Sergey Glazunov, who received $1,337 for each.

The high-risk bugs are: a "memory corruption with SVGs" and a "bad cast with text editing," both discovered by wushi of team509; a "possible address bar spoofing with history," credited to Mike Taylor; a "memory corruption in MIME type handling," also found by Mr. Glazunov; and a "memory corruption with Ruby support" and a "memory corruption with Geolocation support," discovered by kuzzcc.

The security issue rated as medium risk was reported by reputed Web application security researcher Robert "RSnake" Hansen and can be used to "stop omnibox autosuggest if the user might be about to type a password."

Two of the high-risk bugs were rewarded with $500, three with $1,000 and Glazunov's with $2,000. In general, Google pays $500 for any security vulnerability found in Chrome through its Security Reward program.

There are also special $1,337 ("leet" in leet speak) rewards for bugs that are particularly clever. So far, Mr. Glazunov has received most of them.

Even though last month the company announced raising the special bounty to $3,133.7 (eleet), following similar changes made by Mozilla to its own program, such a reward has yet to be awarded.

Google Chrome 5.0.375.127 for Windows can be downloaded from here.

Google Chrome 5.0.375.127 for Linux can be downloaded from here.

Google Chrome 5.0.375.127 for Mac can be downloaded from here.


