Google has fixed 12 security vulnerabilities in Chrome, including six high-risk bugs. The new version of the browser includes a number of fixes for bugs discovered by external researchers as well as by Google’s own internal security team.
Two of the more serious vulnerabilities patched in Chrome include use-after-free bugs in various elements of the browser, and there also are two out of bounds reads in the browser. Those are listed as high-risk flaws, as well. But perhaps the most interesting bug fixed in the new version is a medium-risk vulnerability related to the TLS negotiation process. During that process, Chrome failed to do a check of some certificates it encountered.
Here’s the full list of bugs fixed Chrome 31:
$500] Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani.
 Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
 Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google.
 Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google.
 High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project.
As part of its bug reward program, Google paid out $11,000 in bounties to external researchers.