14 DAY TRIAL // Google has updated the stable channel of Chrome to version 34.0.1847.116. In addition to several functionality improvements and new features, a total of 31 security issues have been fixed with this latest release of the popular web browser.
Researchers have been rewarded a total of $29,500 (€21,400) for responsibly disclosing vulnerabilities.
The list of high-impact vulnerabilities includes a UXSS in V8, OOB access in V8, an integer overflow in compositor, a use-after-free in web workers, a use-after-free in DOM, memory corruption in V8, use-after-free in rendering, use-after free in speech, and a URL confusion with RTL characters.
The medium-impact flaws include local cross-origin bypass, use-after-free in forms and OOB read with window property.
Aaron Staple, Collin Payne, cloudfuzzer, miaubiz, Christian Holler, Atte Kettunen , George McBay, Jann Horn, and Khalil Zhani have been credited for reporting the vulnerabilities.
The largest rewards, $5,000 (€3,622) each, have been given out for the UXSS in V8 (CVE-2014-1716) and an OOB access issue in V8 (CVE-2014-1717). Both flaws have been reported by an anonymous researcher.
Google’s own security team has also identified multiple vulnerabilities in V8, and various other issues found through internal audits, fuzzing and other initiatives.
You can download Chrome 34 for Windows from Softpedia. The latest versions of Chrome for Mac and Chrome for Linux are also available for download.