Following last week’s release of Chrome 9 and a rather brazen $20,000
offering to anyone who can hack their browser at CanSecWest, Google
released a stable
channel update addressing some security flaws and containing a new version
of Flash Player (10.2).
Of the vulnerabilities, three were high priority: a stale pointer in animation
event handling, a use-after-free in SVG font faces, and a stale
pointer with anonymous block handling. Two of the bugs were medium priority, out-of-bounds
read in plug-in handling and possible
failure to terminate process on out-of-memory condition.
Google made good on their bug
bounty program by doling out $1,000 rewards to the disclosers of the high
priority SVG font and anonymous block handling issues as well as the medium
priority failure to process out-of-memory condition issue.
There is evidently more
information concerning these vulnerabilities, but Google has decided not to
publish that information until the majority of their users are up to date with
the fix. The rewards issued for
these bugs bring the bug bounty cash reward total to $38,940 (figure derived from
adding all the rewards posted on the Google Chrome Releases blog).