Chrome patchGoogle has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.

The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.

Five of the 14 security flaws carry a “high-risk” rating. Details on the security vulnerabilities.

  • [17655] Possible pop-up blocker bypass. Low Risk.
  • [55745] Cross-origin video theft with canvas. Discovered and reported by Microsoft Vulnerability Research (MSVR). Medium Risk.
  • [56237] Browser crash with HTML5 databases. Low Risk.
  • [58319] Prevent excessive file dialogs, possibly leading to browser crash. Low Risk.
  • [59554] Use-after-free vulnerability in history handling. High Risk.
    [Linux / Mac]
  • [59817] Make sure the “dangerous file types” list is up to date with the Windows platforms. Medium Risk.
  • [61701] Browser crash with HTTP proxy authentication. Low Risk.
  • [61653] Out-of-bounds read regression in WebM video support. Medium Risk.
  • [62127] Crash due to bad indexing with malformed video. High Risk.
  • [62168] Possible browser memory corruption via malicious privileged extension. Medium Risk.
    [62401] Use-after-free vulnerability with SVG animations. High Risk.
  • [63051] Use-after-free vulerability in mouse dragging event handling. High Risk.
  • [63444] Double-free vulnerability in XPath handling. High Risk.

As part of its ongoing bug-bounty program, Google shelled out $4,000 to purchase vulnerability data from the security research community.

Categories: Vulnerabilities, Web Security