UPDATE: An earlier version of this story included the incorrect version of Chrome.

Google yesterday released a stable channel update for Chrome, paying some $4,500 worth of bug bounties, and fixing three highly rated security vulnerabilities in the Windows, Mac, and Linux versions of its popular Web browser.

The search giant paid out $2,000 to Collin Payne for a use-after free vulnerability in the WebSockets protocol. The company paid $1,500 to John Butler for discovering an integer overflow issue in document object model ranges. Google also paid $1,000 to a firm called CloudFuzzer for a second use-after-free bug, this time in editing.

The United States Computer Emergency Readiness Team warned that some of these bugs could give an attacker the ability to take control of vulnerable machines. Therefore, the Department of Homeland Security is encouraging users and administrators to review Google’s blogpost and apply the necessary updates.

The release also includes fixes for some Flash Player bugs, which Adobe addressed in it’s own patch yesterday. You can read more about Microsoft’s eight Patch Tuesday security bulletins and Adobe’s additional two, including the Flash Player fixes mentioned above.

This latest update is Google Chrome version 34.0.1847.137.

Categories: Vulnerabilities, Web Security

Comments (2)

  1. Chris
    1

    I believe the correct version of Chrome should be: 34.0.1847.137 an update from 34.0.1847.131. Perhaps this is confusion with the new version of Adobe Flash?

    Reply

Leave A Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>