Google has rewarded experts with $4,500 / €3,300 for reporting the vulnerabilities

May 15, 2014 13:41 GMT

The latest stable version of Google Chrome, 34.0.1847.137, includes three security fixes. Google has rewarded security experts with a total of $4,500 / €3,300 for reporting the vulnerabilities.

The issues, all of which are high-severity, have been given the following CVE identifiers: CVE-2014-1740, CVE-2014-1741 and CVE-2014-1742.

- CVE-2014-1740: a use-after-free in WebSockets reported by Collin Payne. Payne has been rewarded with $2,000 (€1,500);

- CVE-2014-1741: an integer overflow flaw in DOM ranges reported by John Butler. Butler has been rewarded with $1,500 (€1,100);

- CVE-2014-1742: a use-after-free in editing reported by cloudfuzzer. The reward for this issue is $1,000 (€700).

Two of the vulnerabilities were identified with AddressSanitizer. The latest Chrome stable channel update also brings Flash Player to version 13.0.0.214.

Adobe has updated Flash Player to address six vulnerabilities, including a use-after-free reported by Zeguang Zhao of team509 and Liang Chen of Keen Team at Pwn2Own 2014.

The Flash Player security holes could have been exploited to bypass the same-origin policy, bypass security mechanisms and execute arbitrary code.

Users are advised to update their installations as soon as possible.
