Google Patches Five Security Flaws in Chrome 18
Three of the vulnerabilities are rated high risk.
Google recently released a new version of Chrome 18 that patches five vulnerabilities, three of them identified as high-risk flaws.
"These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer," The H Security reports. "As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of 'miaubiz,' who is number three in the company's Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected."
"The $1,000 payout is really just a drop in the bucket for Google given that the search giant recently quintupled its maximum bug bounty to $20,000," writes ZDNet's Emil Protalinski. "The company has so far received over 780 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so firms it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals."
"At the end of last month, Google shipped Chrome 18 with nine security fixes," Infosecurity reports. "Three of the fixed holes were high risk, five were medium risk, and one was low risk. The high-risk flaws included off-by-one in OpenType Sanitizer, user-after-free in SVG clipping, and memory corruption in Skia."
"To make sure you're running the most up-to-date version of Chrome, and protecting yourself from any attacks exploiting the browser flaws, click on the wrench icon in the top right corner of your browser and select 'About Google Chrome,'" advises SecurityNewsDaily's Matt Liebowitz. "If your browser needs to be updated, it will prompt you to do so."