Mar 1, 2011 08:48 GMT

Google has pushed a security update for its Chrome browser, addressing a large number of high-risk vulnerabilities, many of which were rewarded through the Chromium bug bounty program.

The newly released Chrome version 9.0.597.107 fixes a total of nineteen security issues. Sixteen of them have a high severity rating and three a medium one.

There are several regular Chrome security contributors listed in the credits for this release.

Sergey Glazunov, the highest-earning researcher of the Chromium Security Rewards program so far, was rewarded for reporting three high-risk vulnerabilities.

These consisted of a stylesheet node stale pointer ($1,000), a stale pointer with key frame rule ($1,000) and a stale pointer in device orientation ($1,000).

A security researcher known as miaubiz, who also regularly contributes to Chrome, was credited with reporting two high-impact vulnerabilities and a medium-risk one.

These were a stale pointer in SVG animations ($1,000), an integer overflow in textarea handling ($1,000) and an out-of-bounds read in WebGL that wasn't rewarded.

Another high earner for this release with three high-risk vulnerabilities was a security researcher named Martin Barbella.

He reported a stale node in table handling ($1,000), a stale pointer in table rendering ($1,000) and a stale pointer in layout ($1,000).

Chrome security regular wushi of team509 also made the changelog with two high-impact security issues, a crash in textarea handling ($1,000) and stale nodes in XHTML ($1,000).

Other rewards went to Jordi Chancel, for a high-risk URL bar spoof ($1,000); Sergey Radchenko, for a high-severity crash with JavaScript dialogs ($500); Stefan van Zanden, for a high-impact crash with forms controls ($500); Sławomir Błażek, for a high-risk crash in SVG rendering ($1,000); and Chamal de Silva, for reporting a serious use-after-free memory error with blocked plug-ins ($1,000).

Three vulnerabilities were discovered in-house: Tavis Ormandy of the Google Security Team found a high-severity accidental exposure of internal extension functions; Inferno of the Google Chrome Security Team found a medium-impact out-of-bounds read in WebGL; and Evgeniy Stepanov of the Chromium development community found a medium-risk, 64-bit Linux-only out-of-bounds read in pickle deserialization.
