Free Newsletters :

Google Chrome 12 Updates for 7 Flaws

Google releases security update for its browser.

Make no mistake about it, Google updates its Chrome browser very rapidly.

At the beginning of June, Google released the first stable version of Chrome 12, fixing at least 15 different security issues and adding new features. Chrome 12 itself is the fourth major browser release from Google so far in 2011. Now Google is updating Chrome – again.

A new version of Chrome 12 is now out for Windows, Linux and Mac, fixing at least seven security flaws, six of which are identified by Google as being high-impact. Chrome Stable 12.0.742.112 is the first security update to Chrome 12 since its' initial release earlier this month.

As part of Google's Chromium Security Reward program, Google is paying out $6,000 in awards to security researchers for flaws reported and now fixed in Chrome 12.0.742.112.

The big winner in terms of awards for Chrome 12.0.742.112 is a security researcher that Google has identified only as ' miaubiz' who collected $4,000 for reporting 5 flaws. Among the flaws miaubiz reported are three separate use-after-free errors, in SVG font handling, SVG use element and in text selection. A use-after-free flaw is one where the memory that is supposed to be returned to the system after being used, is not. The allocated memory can then potentially be leveraged by an attacker to use the same space to exploit the browser.

Other high-impact flaws fixed in Chrome 12.0.742.112 include a memory corruption issue with CSS parsing, a bounds check issue with the V8 JavaScript engine and re-entrancy issues with the HTML parser.

Aside from researcher reported flaws, Chrome 12.0.742.112 also includes an updated version of Flash. Chrome is the only browser that includes an integrated Adobe Flash player and often receives Flash updates before Adobe releases standalone Flash player updates for other platforms.

Google uses a silent automatic updating system for Chrome and as such users do not have to take any direct action to update their browser to receive the update.

While Google is patching the stable version of Chrome 12, their development teams are hard at work on the next two versions of the browser. Chrome 13 is currently in beta and was last updated on June 22. Chrome 14 dev-channel was updated earlier this week on Monday June 27th with a new V8 JavaScript engine release.

Google develops Chrome on a rapid release cycle with new stable releases coming out every 10 – 12 weeks.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.




Tags: Google, Chrome, Security fix


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.