Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers.
Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities, but of the eight that it listed in its advisory, those three are the most serious.
The full list of vulnerabilities patched in Chrome 35 will be published later, but here are the ones that Google has published and received bug bounties:
[$500] Medium CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne.
Users running Chrome should upgrade as soon as possible in order to avoid attacks against these flaws.