Google has released Chrome 23, the latest version of its browser, which includes fixes for 12 vulnerabilities in the Windows version and two other flaws that are specific only to Mac OS X. The company also handed out $9,000 in rewards to security researchers who reported the vulnerabilities.
Six of the vulnerabilities fixed by Google are rated as high and the rest of the bugs are either medium or low severity. Both of the Mac-specific vulnerabilities fixed in Chrome 23 are high-severity flaws, and each one earned a $1,000 reward for security researcher Miaubiz.
The highest reward went to a researcher named Phil Turnbull, who reported an integer overflow leading to out-of-bounds read in WebP handling. That earned him $3,500 payment. In addition to the bug fixes, Google also included an updated version of Adobe Flash in Chrome 23. Adobe on Tuesday released patches for several vulnerabilities in Flash.
The full list of vulnerabilities repaired in Chrome 23:
- [Mac OS only] [$1000] [149904] High CVE-2012-5115: Defend against wild writes in buggy graphics drivers. Credit to miaubiz.
And back to your regular scheduled rewards, including some at the new higher levels:
- [$3500] [157079] Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull.
- [Linux 64-bit only] [$1500] [150729] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG.
- [$1000] [143761] High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz.
- [Mac OS only] [$1000] [149717] High CVE-2012-5118: Integer bounds check issue in GPU command buffers. Credit to miaubiz.
- [$1000] [154055] High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG.
- [145915] Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team.
- [149759] Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team.
- [154465] Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno).
- [154590] [156826] Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno).
- [155323] High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community.
- [156051] Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community.
- [156366] Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno).
- [157124] High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar).