Google has fixed 19 security flaws in its Chrome browser, including more than a dozen high-risk bugs. The company paid out $3,500 in rewards to security researchers who reported flaws.
Two of the high-risk vulnerabilities fixed in Chrome 33 are use-after-free flaws, one in SVG images and the other in speech recognition. There’s also a heap buffer overflow in the software rendering. The full list of flaws that earned rewards from Google:
[$1000][344492] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG.
[$500][326854] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani.
[$2000][337882] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer.
[332023] Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr.
In addition to the bugs found by external researchers, Google’s internal security team also found a large number of bugs that were fixed in this release. Google’s researchers found 11 high-risk bugs and four medium-risk vulnerabilities.