Google's Chrome browser gets fixes for memory corruption risks as the company's bug bounty program reaps more results.
Google is updating the stable version of its Chrome Web browser to address at least eleven security issues. As a result, the new Chrome 5.0.375.127 stable channel version is now available for Windows, Mac and Linux users, with fixes that patch a variety of potential security holes.
"These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks," US-CERT noted in its advisory on the update.
While Google has its own security team, the 5.0.375.127 release evidently benefited from the contributions of multiple third-party security researchers. At the beginning of 2010, Google's Chromium Security Award initiative was launched as a way to both solicit and reward security researchers for their discoveries.
Google is an advocate of paying security researchers for their discoveries, as is rival browser vendor Mozilla, maker of the Firefox browser. As part of the Chrome 5.0.375.127 release, Google said it shelled out a total of $10,008 in bounties to a handful of researchers for their discoveries.
Security researcher Sergey Glazunov is credited by Google with uncovering a number of vulnerabilities in Chrome. Among Glazunov's discoveries are a pair of memory corruption issues: one is a file dialog issue and the other is a problem in handling MIME types. Glazunov is also credited with the discovery of a notifications bug that caused a crash on shutdown.
Security researcher "wushi" of team509 is also credited by Google for multiple discoveries. One of wushi's findings is a memory corruption issue with SVG