Google Chrome 6 Gets Updated for 9 New Flaws


Google is updating its stable version of the Chrome browser for Linux, Mac, and Windows, fixing at least nine security vulnerabilities. Only one of the vulnerabilities in Chrome 6.0.472.59 is rated by Google as being "critical" -- the highest threat level Google assigns to vulnerabilities -- although six of the fixes carry a "high" rating, the next-most severe level.

The Chrome 6.0.472.59 update comes as Google (NASDAQ: GOOG) continues to push forward on the development of its Chrome 7 browser and as rivals Mozilla Firefox and Microsoft Internet Explorer race to finish their own next-generation Web browsers.

The single critical fix in Chrome 6.0.472.59 is for a flaw that affects only the Apple Mac version of Chrome. As of press time, Google has not publicly disclosed the flaw's details.

Of the flaws rated as having a potentially high impact by Google, the search giant credited a security researcher working under the alias "kuzzcc" with having reported five of the vulnerabilities. In total, Google said it would be awarding $2,500 to kuzzcc for the discovery of the flaws as part of the Chromium Security Award initiative, which pays out cash rewards for security disclosures.

Kuzzcc reported a memory corruption issue in Chrome's Geolocation, as well as a race condition -- an error related to event sequencing -- in console handling, according to Google.

Additionally, kuzzcc reported a pair of use-after-free issues with SVG graphics styles and elements, which could have enabled an attacker to use memory improperly -- potentially leading to an exploit. David Weston of Microsoft's Vulnerability Research, as well as security researcher "wushi," are credited with the discovery of another memory use-after-free issue involving document APIs during parsing.

The latest Chrome stable release follows an update last week from Google for the developer version of the browser, which is now at version 7.0.517.5. Chrome 7.0.517.5 includes one notable new feature for early adopters called about:labs, which will enable easier access to new features in Chrome.

"about:labs should list a (small) set of experimental features," Google said on its Chromium development site. "Every feature has an 'enable?' checkbox. When at least one checkbox has been changed, a 'Restart chrome to let changes take effect' button becomes active."

Google is on a path of rapid development for Chrome with a plan in place now to have new major stable releases every 12 weeks or less.

Rival browser vendors are also racing toward the release of new versions. Mozilla's Firefox 4 beta 6 was released this week, providing some stability fixes for the open source Web browser. The final Firefox 4 release is expected by the end of the year. Microsoft (NASDAQ: MSFT), likewise, is nearing the release of its Internet Explorer 9 browser, with a launch event for a beta release set for today in San Francisco.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.
