Google Fixes 24 Vulnerabilities with the Release of Chrome 24

Google is proud to announce the release of Chrome 24 stable. Besides the speed and stability improvements, the latest version of the web browser also comes with a number of security fixes.

Of the total of 24 security holes, 11 are considered to be of high-severity, 8 are medium-severity and, 5 of them are low-severity issues.

The most important flaw has been identified by Erling A Ellingsen and Subodh Iyengar – both from Facebook. They’ve discovered a same-origin policy bypass with malformed URL for which they have been rewarded with $4,000 (3,000 EUR).

Only two other bug finders have been rewarded on this occasion. One of them is Atte Kettunen of OUSPG, who has received $1,000 (750 EUR) for a use-after-free in SVG layout.

José A. Vázquez has received the same amount of money for finding a use-after-free issue in DOM handling.

Other high-severity vulnerabilities – identified by members of the Google Chrome Security Team and the Chromium development community – include an integer overflow in audio IPC handling, a use-after-free when seeking video, integer overflow in PDF JavaScript, and an out-of-bounds stack access in v8.

Google Chrome for Windows is available for download here
Google Chrome for Mac is available for download here
Google Chrome for Linux  is available for download here