14 DAY TRIAL // Google has just released the first stable build of Chrome 12 which addresses many vulnerabilities and brings several new security enhancements.
A total number of fourteen security flaws have been patched in the new Chrome 12.0.742.91 build, in addition to the ones fixed during the development cycle.
Five of the vulnerabilities are rated with high severity and six have been rewarded through Google's Chromium Security Rewards Program.
Chrome security superstar Sergey Glazunov was awarded the special $3133.7 (elite) reward for a same-origin policy bypass found in the browser's JavaScript engine.
This reward is normally destined for critical flaws that impress the Google security engineers sitting on the security program's jury.
"We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact," Google's Jason Kersey wrote in the release announcement.
This is the second $3133.7 reward ever issued and Sergey Glazunov earned both of them. In fact, he is the highest paid researcher in Google's program so far.
Regular Chrome security contributor kuzzcc was awarded $1337 (leet) for a vulnerability that allowed bypassing extension permissions.
Other rewards included $2000 to miuabiz for a high-risk use-after-free memory error in float handling, $1000 to Sergey Glazunov for a high-risk same-origin policy bypass in DOM, $1000 to Vladislavas Jarmalis for a medium-risk extension injection into chrome:// pages, $1000 to miaubiz for another use-after-free memory error in the image loader and $500 to kuzzcc for a medium-risk extension script injection into the new tab page.
Aside from the vulnerability patches, Chrome 12 allows users to delete the so-called Flash cookies from the browser's own interface. This is good news, because Flash Player's local storage can be abused to respawn tracking cookies.
Another security-related feature in Chrome 12 provides protection against malicious downloads by using data from Google's Safe Browsing service.
The latest version Google Chrome for Windows can be downloaded from here. The latest version Google Chrome for Linux can be downloaded from here. The latest version Google Chrome for Mac can be downloaded from here.