Google Goes Native for Chrome 14
Google is out with a new version of the Chrome browser fixing at least 32 vulnerabilties.
Google is updating its Chrome web browser to version 14, providing security fixes and new features.
Google Chrome 14.0.835.163 is now available for Windows, Mac and Linux and fixes 32 flaws. Of those flaws, Google has rated 15 of them as being high-risk, 10 as medium and seven as low risk. In total, Google is paying out $14,337 to security researchers as part of the Chromium Security Award program for reporting flaws to Google that were fixed in Chrome 14.
The fixed high risk flaws in Chrome include use-after free memory vulnerabilities with plug-in handling, Ruby, the focus controller, document loader and tables style handling. Use-after-free errors occur when a function continues to hold onto a memory location even after an operation has been completed. An attacker can potentially make use of the same memory location then to launch arbitrary code.
Google has also fixed multiple URL bar spoofing issues in Chrome 14 of varying severity.
While having a 32 flaw fix update might seem like a lot, Google noted in its Chrome 14 release notes that there were more flaws that were fixed during the development process for Chrome 14. Google thanked the Microsoft Java Team and Microsoft Vulnerability Research (MSVR) as well as Apple among others for working with the Google Chrome team during the development process to prevent bugs from reaching the stable release.
Beyond the security updates, Chrome 14 introduces Google's Native Client technology to the Chrome stable release. Google has been talking about Native Client for at least the last two years as a way to enable C and C++ code to run natively in the browser.
The Chrome 14.0.835.163 is the first update to Chrome since the end of August when Google updated Chrome 13 for 11 security issues.