Google Fixes Three Critical Chrome Vulnerabilities

Google resolved three highly rated security vulnerabilities in Chrome. US-CERT warns an attacker could exploit these bugs to take control of affected systems.

UPDATE: An earlier version of this story included the incorrect version of Chrome.

Google yesterday released a stable channel update for Chrome, paying some $4,500 worth of bug bounties, and fixing three highly rated security vulnerabilities in the Windows, Mac, and Linux versions of its popular Web browser.

The search giant paid out $2,000 to Collin Payne for a use-after-free vulnerability in the WebSockets protocol. The company paid $1,500 to John Butler for discovering an integer overflow issue in document object model ranges. Google also paid $1,000 to a firm called CloudFuzzer for a second use-after-free bug, this time in editing.

The United States Computer Emergency Readiness Team warned that some of these bugs could give an attacker the ability to take control of vulnerable machines. Therefore, the Department of Homeland Security is encouraging users and administrators to review Google’s blog post and apply the necessary updates.

The release also includes fixes for some Flash Player bugs, which Adobe addressed in its own patch yesterday. You can read more about Microsoft’s eight Patch Tuesday security bulletins and Adobe’s additional two, including the Flash Player fixes mentioned above.

This latest update is Google Chrome version 34.0.1847.137.

Discussion

  • Chris on

    I believe the correct version of Chrome should be: 34.0.1847.137, an update from 34.0.1847.131. Perhaps this is confusion with the new version of Adobe Flash?
    • Brian Donohue on

      You are very correct. Consider it fixed and thanks for the heads up.
