One Critical, Four High-Risk Vulnerabilities Fixed in Chrome 28

Andrey Labunets has been rewarded with $21,500 (€16,825)

Google has released Chrome 28 for Windows, Mac, and Chrome Frame. From a security standpoint, the release is important because a large number of vulnerabilities have been addressed.

One critical vulnerability, a use-after-free with network sockets, has been identified by Collin Payne. Google has rewarded the expert with $6,267.4 (€4,904) for his work.

On the other hand, the largest amount of money has been given to Andrey Labunets. Labunets has identified a high-impact flaw described as “confusion setting up sign-in and sync.”

He has also discovered a medium-severity “incorrect sync of NPAPI extension component.” Google has been impressed by the combination of the two issues, so the company rewarded the researcher with $21,500 (€16,825).

Other high-severity vulnerabilities – a use-after-free in input handling, and a use-after-free in resource loading – have been identified by miaubiz. The expert has been rewarded with a total of $3,000 (€2,347).

The Chrome team’s internal security work has led to the discovery of various issues (CVE-2013-2880) that have been catalogued as being high-risk.

In addition, seven medium- and three low-impact security holes have been addressed in Chrome 28. One of the low-impact issues affects only Macs.

The latest version of Chrome for Windows is available for download here

The latest version of Chrome for Mac is available for download here

The latest version of Chrome for Linux is available for download here

Hot right now  ·  Latest news