Google Refreshes Chrome 9 for Security and Flash

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Google released its Chrome 9 stable Web browser less than a week ago, fixing at least nine security flaws. Apparently, they missed a few.

This week Google is out with Chrome 9.0.597.94 fixing at least five new security issues and including a new patched version of Adobe Flash.

Chrome is the only browser that directly integrates Adobe Flash with the browser, as opposed to requiring users to download and maintain a separate plug-in. The Flash Player 10.2 release is now also available as a standalone update from Adobe for users of other browsers as well. Flash 10.2 now supports hardware acceleration for graphics, which is also something that Chrome 9 supports natively thanks to the integration of WebGL. Additionally Flash 10.2 now integrates with the private browsing mode available in most browsers to ensure that data from those browsing sessions is not stored on the user's computer.

Of the five security issues, Google has rated three as having high impact.

There are a pair of high impact stale pointer issues fixed in Chrome 9.0.597.94. One of the stale pointers is related to animation event handling while the other deals with anonymous block handling.

The third high impact issued fixed is a use-after-free memory flaw with SVG image font faces.

Chrome 9.0.597.94 also provides a pair of medium impact flaw fixes. One of them is a failure to process an out-of-memory condition while the other is an out-of-bounds read in with plug-in handling issue.

In total, Google is awarding a trio of security researchers $3,000 for the reported flaws as part of the Chromium Security Award. The $3,000 bug bounty tally is a marginal increase from the $2,000 Google paid for flaws in the first Chrome 9 stable release, but is still a far cry from the $14,470.70 that Google paid for the Chrome stable 8.0.552.237 at the beginning of the year.

The Chrome 9 stable release isn't the only Chrome browser that Google is updating this week. Google has also updated the dev channel version of Chrome as well. Chrome Dev 10.0.648.45 also includes the updated Flash 10.2 player as well as an updated V8 JavaScript engine.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.