Dec 14, 2010 07:32 GMT  ·  By

Google has pushed Chrome 8.0.552.224 as a security update to the stable and beta channels in order to address several vulnerabilities, including high risk ones.

In total there were five vulnerabilties fixed, two of which were rated with a high severity level, two with medium and one with low.

One high impact vulnerability involving stale pointers in cursor handling was discovered by Slawomir Blazek and Sergey Glazunov, who were awarded $1,000 for it through the Chromium vulnerability reward program.

The other highly rated flaw only affects Chrome on 64-bit versions of Linux and stems from weak validation for message deserialization. It wasn't rewarded because it was discovered by Chromium developer Lei Zhang.

However, a medium-risk out-of-bounds bug in CSS parsing was. Chris Rohlf recieved $1,000 for finding it. Unlike other vulnerability reward programs where only critical flaws qualify, Google also awards lower risk flaws if they are deemed clever enough.

The second medium impact vulnerability was found by long-time Chrome security contributor kuzzcc and refers to a browser crash trigered by a bad extension when handling tabs.

The last flaw, which carries a low severity rating, concerns a browser crash with NULL pointer in web worker handling and is credited to Google's Nathan Weizenbaum.

In addition to Chrome 8.0.552.224 stable and beta, Chrome OS has also been updated to 8.0.552.343 in order to incorporate the fixes.

The dev channel has also been updated to version 9.0.597.19 in order to resolve a stability issue that resulted in crashes. It's worth noting that Chrome 9 is expected to be promoted to the beta channel soon, probably this week. The latest version Google Chrome for Windows can be downloaded from here.

The latest version Google Chrome for Linux can be downloaded from here.

The latest version Google Chrome for Mac can be downloaded from here.