Google Chrome 26, the latest version of the company’s browser, is out and it contains a number of security patches, most notably a fix for a high-priority use-after-free vulnerability in the Web Audio component of the browser.
That vulnerability, discovered and reported by Atte Kettunen, is the only one in Chrome 26 for which Google paid a bug bounty as part of its reward program. All of the other vulnerabilities were discovered by members of the company’s own security team or the bugs just didn’t qualify for a reward. This continues a somewhat recent trend of the number of vulnerabilities qualifying for rewards from Google declining as it becomes more and more difficult to find serious bugs in the browser.
Google has raised the amount of money paid for serious vulnerabilities in order to attract more submissions from security researchers, but the improved defenses in Chrome have made life more difficult for would-be submitters.
Here is the full list of vulnerabilities patched by Google in Chrome 26:
- [$1000] [172342] High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG.
- [180909] Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar).
- [180555] Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community.
- [Linux only] [178760] Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [177410] Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [174943] High CVE-2013-0921: Ensure isolated web sites run in their own processes.
- [174129] Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”.
- [169981] [169972] [169765] Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer).
- [169632] Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community.
- [168442] Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google.
- [112325] Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c (xysec.com).