14 DAY TRIAL // Google has just promoted Google Chrome 8 to the stable and beta channels, a major update which includes multiple security fixes and a native sandboxed PDF viewer.
In total, the new version patches thirteen vulnerabilities, four of which have a high severity rating, five medium and four low.
The high-impact flaws and a medium one were rewarded through the Google Chrome vulnerability reward program.
Yang Dingning from NCNIPC, Slawomir Blazek, and miaubiz recieved $1,000 each for a double free bug in XPath handling, an use after free vulnerability with SVG animations and an exploitable crash caused by bad indexing with malformed video, respectively.
In addition, Stefan Troger and regular contributor kuzzcc were awarded $500 prizes for use after free memory issues stemming from history and mouse dragging event handling.
Another new noteworthy feature, security-wise, is a PDF viewer which runs under Chrome’s sandbox and was specifically developed for the browser.
This plug-in has existed in Chrome stable ever since version 6, but it was disabled by default, as it still had bugs and lacked complete functionality.
“We would like to offer special thanks -- and a number of rewards -- to Aki Helin of OUSPG [Oulu University Secure Programming Group] for his extensive help with the new PDF feature,” the Chrome developers write.
They also thank security researcher Sergey Glazunov and Marc Schoenefeld of the Red Hat Security Response Team for their help in finding bugs during the development process.
The next major version of Google Chrome will add a sandboxed Flash Player plug-in developed in collaboration with Adobe.
The plug-in was enabled by default in the Chrome 9 dev and canary builds released yesterday, but it will be improved by the time the stable lands in mid-January.