14 DAY TRIAL // Google has released a new version of Google Chrome in order to address several high-risk vulnerabilities and update the bundled Flash Player plug-in.
The new 12.0.742.112 version contains fixes for a number of seven security flaws, six of which are rated with a high impact and one with medium.
Regular Chrome security contributor miaubiz is credited with discovering five vulnerabilities and was rewarded for all of them through the Chromium bug bounty program.
The security researcher received four $1,000 rewards for three use-after-free memory errors in SVG font handling, SVG use element and text selection, as well as for a memory corruption issue in CSS parsing.
He also earned $500 for lifetime and reentrancy issues in the HTML parser. The standard payout for vulnerabilities through Google's security reward program is $500, but researchers also help Chrome developers to develop fixes, their prizes can be doubled.
Another Chrome security regular, Aki Helin of OUSPG, was rewarded $500 for discovering a high-risk bad bounds check in the browser's V8 JavaScript engine.
The last vulnerability addressed in this release is an out-of-bounds read in NPAPI string handling and is credited to Philippe Arteau. The researcher earned $1,000 for it despite the flaw being rated with medium risk.
A notable absence in this release announcement is that of Sergey Glazunov, the highest-paid security researcher in the Chromium vulnerability reward program so far.
In addition to the security content, this Chrome release also updates the bundled Flash Player plug-in to version 10.3.181.34 which resolves compatibility issues with cross-domain policy files.
The latest version Google Chrome for Windows can be downloaded from here. The latest version Google Chrome for Linux can be downloaded from here. The latest version Google Chrome for Mac can be downloaded from here.