Google this week released version 20 of its Chrome browser, patching 22 vulnerabilities. None of the flaws are rated critical, though several are rated high severity, including one patch that prevents sandboxed processes from interfering with each other.
"Other 'high' severity flaws plugged by Google in Chrome 20 include a number of use-after-free issues, such as in table section handling, counter layout, SVG resource handling, SVG painting, first-letter handling, and SVG reference handling, as well as problems with crashes in texture handling, integer overflow in PDFs, wild point in array value setting, uninitialized pointer in PDF image codec, buffer overflow in PDF JS API, integer overflow in Mastroska container, and integer overflows in lbxml," Infosecurity reports.
"Google, as part of its bug bounty-hunting program, rewarded several independent researchers for detecting and reporting the security bugs, including 'miaubiz,' who netted $7,000 for finding seven separate high-priority glitches," writes SecurityNewsDaily's Matt Liebowitz. "An additional $4,500 was handed out to other researchers."
"Users are advised to restart their browsers in order to update to the latest version of Chrome," writes ZDNet's Dancho Danchev. "They can also do so manually, by selecting the 'About Google Chrome' option in the settings menu."