Google is updating the stable version of its Chrome Web browser for Windows, Mac and Linux, addressing a handful of security vulnerabilities — including four that could put users at risk simply by viewing a maliciously constructed image file.
Those vulnerabilities addressed in Chrome 5.0.375.99 are rated as “high” severity, and include a memory-corruption flaw that could be triggered by an invalid PNG image file. Google awarded security researcher Aki Helin $1,000 for the discovery of the vulnerability, which he reported June 7.
However, because the flaw is actually rooted in the open source libpng library (which is also used by other Web browsers and open source applications), Helin later suggested in Google’s tracking system that the company hold off on shipping its fix, since releasing it would have publicly revealed the vulnerability and put other browsers and applications still using a vulnerable version of libpng at risk. Instead, Helin suggested that the best approach might be to sync the Google Chrome patch with an update from the upstream libpng project, which ultimately issued its security bug update for the issue on June 25.
Google also credited Helin, along with researcher “Wushi” of security firm team509, with the discovery of a memory-corruption issue triggered by invalid SVG image files. Wushi is also credited with the discovery of a CSS style-rendering memory-corruption issue, as well as a bidi memory-corruption issue for bidirectional text. Google rewarded Wushi $1,500 in total for the reported vulnerabilities.
Both Wushi and Helin received the Google cash prizes as part of Google’s Chromium Security Award initiative, which began earlier this year as a way to reward security researchers for their discoveries.
While the fixes in Chrome 5.0.375.99 relied on the activity of outside security researchers, Google’s own security team also identified some flaws in the browser’s previous edition: a pair of medium-risk issues related to browser protection when running iFrames.
Rounding out the list of security updates for Chrome 5.0.375.99 are four low-risk vulnerabilities: a flaw relating to WebGL graphics, an image-crashing issue and a pair of fixes for dialog boxes.
The 5.0.375.99 release is the second stable Chrome browser update in less than two months. At the end of June, Google released Chrome 5.0.375.86, fixing five security vulnerabilities.
Google on Friday also updated the developer version of Chrome to version 6.0.453.1. Among the improvements in the developer release is support on Linux for Google’s integrated PDF plugin. Google began testing Chrome version 6 with its first developer channel release at the end of May.