Google has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.
The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.
Five of the 14 security flaws carry a “high-risk” rating. Details on the security vulnerabilities.
- [17655] Possible pop-up blocker bypass. Low Risk.
- [55745] Cross-origin video theft with canvas. Discovered and reported by Microsoft Vulnerability Research (MSVR). Medium Risk.
- [56237] Browser crash with HTML5 databases. Low Risk.
- [58319] Prevent excessive file dialogs, possibly leading to browser crash. Low Risk.
- [59554] Use-after-free vulnerability in history handling. High Risk.
[Linux / Mac] - [59817] Make sure the “dangerous file types” list is up to date with the Windows platforms. Medium Risk.
- [61701] Browser crash with HTTP proxy authentication. Low Risk.
- [61653] Out-of-bounds read regression in WebM video support. Medium Risk.
- [62127] Crash due to bad indexing with malformed video. High Risk.
- [62168] Possible browser memory corruption via malicious privileged extension. Medium Risk.
[62401] Use-after-free vulnerability with SVG animations. High Risk. - [63051] Use-after-free vulerability in mouse dragging event handling. High Risk.
- [63444] Double-free vulnerability in XPath handling. High Risk.
As part of its ongoing bug-bounty program, Google shelled out $4,000 to purchase vulnerability data from the security research community.
