Google has issued a security update for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities and paying out a total of $3,500 in rewards to two researchers.
On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for Android’s sandbox technology as well as resolving seven other moderate bugs. The fix is available for users of Android 4.0 (Ice Cream Sandwich) and 4.1 (Jelly Bean).
Specifically, the update fixes two medium-rated bugs reported by Artem Chaykin for which he received a total of $1,000 in rewards. The first fixes an issue with information and credential disclosure by file:// URLs and the second resolves a problem with current-tab cross-application scripting (UXSS).
Interestingly, Google shipped these updates on the same day that Jon Oberheide of Duo Security published a blog presenting the findings of their X-Ray projects, which revealed that more than half of Android devices contain vulnerabilities that could be exploited by attackers to take complete control of user’s devices.