February 10, 2011, 1:04PM

Chrome 9 Security Update

Following last week’s release of Chrome 9 and a rather brazen $20,000 offer to anyone who can hack its browser at CanSecWest, Google released a stable channel update that addresses some security flaws and includes a new version of Flash Player (10.2).

Of the vulnerabilities, three were high priority: a stale pointer in animation event handling, a use-after-free in SVG font faces, and a stale pointer in anonymous block handling. Two were medium priority: an out-of-bounds read in plug-in handling and a possible failure to terminate the process on an out-of-memory condition.

Google made good on its bug bounty program by doling out $1,000 rewards to the disclosers of the high-priority SVG font and anonymous block handling issues, as well as the medium-priority failure to terminate the process on an out-of-memory condition.

There is evidently more information concerning these vulnerabilities, but Google has decided not to publish it until the majority of its users are up to date with the fix. The rewards issued for these bugs bring the bug bounty cash reward total to $38,940 (a figure derived by adding all the rewards posted on the Google Chrome Releases blog).



Copyright © 2012 threatpost.com