It does away with unprompted data sync with attacker’s Google account
Google pushed a new stable version of the Chrome browser (32.0.1700.77) for Windows, Mac, and Linux on Tuesday and improved its security with a total investment of $8,000 / €5,875 in external contributions from security researchers.The company rewarded the contributors for uncovering two use-after-free vulnerabilities, one in web workers and the other related to forms. Furthermore, the developer eliminated a security issue that could cause address bar spoofing in the Android version of the web browser.
The largest payment ($3,000 / €2,202) went to Joao Lucas Melo Brasio, an information security researcher and specialist from Brazil, for revealing a flaw that caused an unprompted synchronization of data with the Google account of an attacker.
Internal security work also added to improved security of the browser and other fixes have been implemented thanks to audits, fuzz testing (brute force vulnerability discovery), and other initiatives.