Google Fixes Three Critical Chrome Vulnerabilities

Google resolved three highly rated security vulnerabilities in Chrome. US-CERT warns an attacker could exploit these bugs to take control of affected systems.

UPDATE: An earlier version of this story included the incorrect version of Chrome.

Google yesterday released a stable channel update for Chrome, paying some $4,500 worth of bug bounties, and fixing three highly rated security vulnerabilities in the Windows, Mac, and Linux versions of its popular Web browser.

The search giant paid out $2,000 to Collin Payne for a use-after-free vulnerability in the WebSockets protocol. The company paid $1,500 to John Butler for discovering an integer overflow issue in document object model ranges. Google also paid $1,000 to a firm called CloudFuzzer for a second use-after-free bug, this time in editing.

The United States Computer Emergency Readiness Team warned that some of these bugs could give an attacker the ability to take control of vulnerable machines. Therefore, the Department of Homeland Security is encouraging users and administrators to review Google’s blog post and apply the necessary updates.

The release also includes fixes for some Flash Player bugs, which Adobe addressed in its own patch yesterday. You can read more about Microsoft’s eight Patch Tuesday security bulletins and Adobe’s additional two, including the Flash Player fixes mentioned above.

This latest update is Google Chrome version 34.0.1847.137.
