Google is out with an update for its Chrome Web browser with fixes for at least 19 security issues.
The Chrome 9.0.597.107 update comes barely a month after Chrome 9.0.597.94 was released with five security fixes. Chrome 9 is still a relatively new stable browser, having only been officially released at the beginning of February.
Of the 19 vulnerabilities fixed in Chrome 9.0.597.107, Google has rated 15 as having high impact. Google is also paying out $14,000 in security awards to the researchers who discovered the high-impact vulnerabilities.
The security awards are part of the Chromium Security Award Program, which was officially launched in January of 2010. With the Chrome 9.0.597.107 update, Google has now paid out a total of $100,000 to security researchers as part of the program. Google is not alone in paying security researchers for flaws, as Mozilla rewards researchers for security flaws as well.
Among the high-impact flaws fixed in Chrome 9.0.597.107 are a number of stale pointer flaws that could potentially lead to a browser being exploited. The stale pointer flaws affect the stylesheet node, keyframe rule, table rendering, SVG animations, device orientation and layout.
Chrome 9.0.597.107 also addresses a URL bar spoofing issue that potentially could lead to a phishing attack.
The latest Chrome update comes a week before Google’s browser is set to face a critical test at the PWN2OWN browser hacking contest. The PWN2OWN contest, which is sponsored by HP TippingPoint, challenges security researchers to find flaws in browsers during a live event. HP TippingPoint pays researchers for the flaws they find and keeps the vulnerabilities under wraps until the browser vendors are able to issue a patch. Normally it’s just HP TippingPoint that offers rewards to researchers, but Google is jumping into the fray this year.
Google is set to award $20,000 to the security researcher who is able to successfully demonstrate a security flaw in Chrome.