14 DAY TRIAL // Google has pushed a new security update for Chrome 10 raising the number of stable builds released this month at six.
The new Chrome 10.0.648.204 fixes a total of six vulnerabilities, all of which are rated as high-risk and were rewarded through the Chromium Rewards Program.
Top Chrome security contributor Sergey Glazunov is credited with discovering four of them, two paid with $2,000 and two with $1,500.
The standard Chrome bug bounty is $500, but Google awards more if the vulnerability is particularly interesting or if the researcher also helps developers create a patch.
The flaws discovered by Mr. Glazunov are an use-after-free memory error in HTMLCollection, a DOM tree corruption with broken node parentage and two stale pointers in CSS and SVG text handling.
The other two bugs, a buffer error in base string handling and an use-after-free issue in the frame loader are credited to Alex Turpin ($500) and Sławomir Błażek ($1,000).
The first security update this month was released for Chrome 9 and was shortly followed by the first Chrome 10 stable build.
Since then, Google updated the browser on four separate occasions, including this one. The first time it was to patch a vulnerability in the WebKit layout engine which was reported at the Pwn2Own hacking contest.
The second was to update the embedded Flash Payer plug-in to a version that wasn't affected by a zero-day exploit and the third update, which landed last Thursday, blacklisted nine digital certificates obtained fraudulently by hackers from the Comodo certification authority.
The latest version Google Chrome for Windows can be downloaded from here.
The latest version Google Chrome for Linux can be downloaded from here.
The latest version Google Chrome for Mac can be downloaded from here.