The stable channel of Google’s Chrome OS has been updated to 26.0.1410.57 for all devices. The latest version addresses a total of four security issues, three of which have been catalogued as high-severity flaws.
Two of the high-severity vulnerabilities – a use-after-free in the O3D plugin, and an origin lock bypass of the O3D and Google Talk plugins – have been identified by Ralf-Philipp Weinmann.
In addition, Weinmann has discovered a medium-severity issue involving uninitialized memory left in a buffer in the O3D plugin.
Because he found a chain of three bugs and provided Google with a detailed write-up and demo exploit code, the company has rewarded the expert with a total of $31,336 (24,000 EUR) under the Chromium Vulnerability Rewards Program.
The third high-risk issue – another origin lock bypass of the O3D and Google Talk plugins – has been identified by Chris Evans of the Google Chrome Security Team.