14 DAY TRIAL // Google has released the first stable build of Chrome version 9 which, in addition to enhancements and new features, contains patches for several vulnerabilities.
In total, there are nine security issues addressed by the new Chrome 9.0.597.84, six of which have a low severity rating, two high and one critical.
Both high-impact vulnerabilities were discovered by Aki Helin of the Oulu University Secure Programming Group (OUSPG), a regular security contributor to the Chromium project.
The researcher was awarded $1,000 for each of the flaws, which consist of an use-after-free memory error in image loading and an exploitable crash in the PDF event handler related to printing.
Two of the low-rated flaws affect the Mac version of Chrome only. They consist of a minor sandbox leak via stat() discovered by Daniel Cheng of the Chromium development community and a crash in the Mac OS 10.5 SSL libraries, credited to Dan Morrison.
Two other low-impact crashes, one due to an extension with missing key and one due to a bad volume setting, were discovered by external researchers Brian Kirchoff and Matthew Heidermann, respectively.
The other two vulnerabilities with low severity ratings were credited to members of the Google Security Team or the Google Chrome Security Team and involve restrictions to cross-origin drag & drop and a more graceful merging of autofill profiles.
The critical vulnerability, which consists of a race condition in audio handling, is unusually credited to "the gamers of Reddit."
"Special thanks to the Reddit community, for playing so much of the game 'Z-Type' that they uncovered a Chromium audio bug," the Google Chrome Program Manager, Anthony Laforge, said.
The latest version Google Chrome for Windows can be downloaded from here.
The latest version Google Chrome for Linux can be downloaded from here.
The latest version Google Chrome for Mac can be downloaded from here.