Google has released version 9.0.597.107 of its Chrome browser, fixing 19 security vulnerabilities and paying $14,000 in rewards to researchers in the process.
The new version of Chrome, which Google released on Monday afternoon, includes fixes for 16 high-severity vulnerabilities and three bugs rated as medium risks. Several outside researchers cleared nice paydays from Google’s bug bounty program in this release, including Sergey Glazunov and Martin Barbella, each of whom earned $3,000 for bugs they reported.
The release of Chrome 9.0.597.107 is also a landmark of sorts for Google: the $14,000 that the company paid out as rewards to researchers pushes the total it has paid since the inception of its bug bounty program to more than $100,000. None of the vulnerabilities fixed in the new release qualified for the highest reward of $3133.7, but 16 of them were worth $1,000.
Among the fixes in the new Chrome release are:
- [$1000] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
- [$1000] High URL bar spoof. Credit to Jordi Chancel.
- [$1000] High Stale pointer with key frame rule. Credit to Sergey Glazunov.
- [$500] High Crash with forms controls. Credit to Stefan van Zanden.
- [$1000] High Crash in SVG rendering. Credit to Sławomir Błażek.
- [64-bit Linux only] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community.
- [$1000] High Stale node in table handling. Credit to Martin Barbella.
- [$1000] High Stale pointer in table rendering. Credit to Martin Barbella.
- [$1000] High Stale pointer in SVG animations. Credit to miaubiz.
- [$1000] High Stale nodes in XHTML. Credit to wushi of team509.
- [$1000] High Crash in textarea handling. Credit to wushi of team509.
- [$1000] High Stale pointer in device orientation. Credit to Sergey Glazunov.
- Medium Out-of-bounds read in WebGL. Credit to miaubiz.
- [$1000] High Integer overflow in textarea handling. Credit to miaubiz.
- Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno).
- High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team.
- [$1000] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva.
- [$1000] High Stale pointer in layout. Credit to Martin Barbella.