Google has released a new version of its Chrome browser, fixing six high-risk security bugs in the process and paying out $8,500 in bug bounties along the way.
The latest version of Chrome, version 10.0.648.204, also includes a number of other new features for some of the supported platforms. The Linux version of Chrome now supports the password manager for Linux, as well as some performance and stability upgrades.
One security researcher, Sergey Glazunov, took home a total of $7,000 in bug bounties for reporting four separate bugs to Google. The company has paid out more than $100,000 since the inception of its bug bounty program, and a good portion of the bugs that outside researchers have reported to the company have been rated either high or critical.
The security fixes that Google included in the new release of Chrome are:
- [$500] [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin.
- [$1000] [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek.
- [$2000] [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov.
- [$1500] [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov.
- [$2000] [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov.
- [$1500] [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov.
The new version of Chrome is available for Windows, Mac, Linux and Chrome Frame.