Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release.
One of the high-priority vulnerabilities Google patched in Chrome 33 is an issue with the sandbox on Windows. The company also patched a use-after-free vulnerability in Chrome's layout code. Here’s the full list of the bugs discovered by external security researchers fixed in Chrome 33:
[$2000][334897] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
[$1000][331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
[$3000][333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
[$3000][293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
[$500][331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
[$1000][331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil.
[$2000][322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
[$1000][306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
[332579] Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.
In addition to these vulnerabilities, Google also fixed more than a dozen bugs that were discovered by the company’s internal security team. That group of bugs includes 15 high-severity flaws and two medium-level vulnerabilities.