Two $1,337 awards offered for special workarounds

Jul 27, 2010 12:52 GMT

Google has pushed version 5.0.375.125 of Chrome to the Stable channel, which addresses several security vulnerabilities marked as “high.” Two researchers have also been awarded special $1,337 prizes for workarounds to bugs in third-party components that impacted Chrome.

Aside from the Linux, Mac and Windows operating systems, the 5.0.375.125 version of the browser is also available for Chrome Frame, the plug-in which allows the Chrome engine to run inside Internet Explorer. There are three high-risk, one medium-risk and one low-risk vulnerabilities patched in this update.

The high-risk ones are a memory corruption bug in the way SVG files are handled, for which security researcher Aki Helin is credited; another memory corruption flaw in code rendering, discovered by Jose A. Vasquez; and an issue with large canvases, reported by a SecurityReason.com researcher going by the online handle of sp3x.

The medium-risk bug can lead to a memory content leak in layout code, while the low-impact one involves avoiding hostname truncation and incorrect eliding. However, Jason Kersey, of the Google Chrome team, notes that “aside from the listed security bugs fixed in Chromium, we have also deployed workarounds for two critical vulnerabilities where the root cause lies in external components.”

These bugs were located in the Windows kernel and glibc (the GNU C Library). Security researchers Marc Schoenefeld and Simon Berry-Byrne were each awarded a special prize of $1,337 (leet) for assisting Google with workarounds for the two security issues; Schoenefeld for the Windows kernel one, and Berry-Byrne for the glibc one.

These are likely the last $1,337 bounties to be awarded, since Google announced last week that it has ramped up its special reward to $3,133.7 (eleet), following in the footsteps of Mozilla, which also increased the amount it offers for any remotely exploitable critical bug. Google's standard bounty still remains $500, though.

You can follow the editor on Twitter @lconstantin