One Critical, Four High-Risk Vulnerabilities Fixed in Chrome 28

Andrey Labunets has been rewarded with $21,500 (€16,825)

By Eduard Kovacs on July 10th, 2013 06:39 GMT

Google has released Chrome 28 for Windows, Mac, and Chrome Frame. From a security standpoint, the release is important because a large number of vulnerabilities have been addressed.

One critical vulnerability, a use-after-free with network sockets, has been identified by Collin Payne. Google has rewarded the expert with $6,267.4 (€4,904) for his work.

On the other hand, the largest amount of money has been given to Andrey Labunets. Labunets has identified a high-impact flaw described as “confusion setting up sign-in and sync.”

He has also discovered a medium-severity “incorrect sync of NPAPI extension component.” Google has been impressed by the combination of the two issues, so the company rewarded the researcher with $21,500 (€16,825).

Other high-severity vulnerabilities – a use-after-free in input handling, and a use-after-free in resource loading – have been identified by miaubiz. The expert has been rewarded with a total of $3,000 (€2,347).

The Chrome team’s internal security work has led to the discovery of various issues (CVE-2013-2880) that have been catalogued as being high-risk.

In addition, seven medium- and three low-impact security holes have been addressed in Chrome 28. One of the low-impact issues affects only Macs.

The latest version of Chrome for Windows is available for download here
The latest version of Chrome for Mac is available for download here
The latest version of Chrome for Linux is available for download here
Google fixes several vulnerabilities in Chrome 28
   Google fixes several vulnerabilities in Chrome 28
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments