Google Chrome 29 Fixes 25 Vulnerabilities

There are 25 fresh security patches in the newest version of Google Chrome, including fixes for a number of high-severity vulnerabilities. Chrome 29 also includes a number of performance enhancements.

There are 25 fresh security patches in the newest version of Google Chrome, including fixes for a number of high-severity vulnerabilities. Chrome 29 also includes a number of performance enhancements.

Google regularly pushes out new versions of its browser every few weeks, and sometimes will only have a handful of security fixes. Chrome 29 is the exception to this, providing a huge number of vulnerability fixes. Three of the fixes in Chrome 29 are for use-after-free vulnerabilities, each of which earned the finder a $1,000 bug bounty.

The list of bugs fixed in Chrome 29 includes:

  • [$1337] [181617High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
  • [$500] [254159Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
  • [$1337] [257363High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
  • [$1000] [260105High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
  • [$1000] [260156High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
  • [$1000] [260428High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.

Chrome users should update their browsers as soon as possible to protect against attacks using these vulnerabilities.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.