Google fixes three flaws in Chrome 20

Summary:Google Chrome version 20.0.1132.57 is out, fixing three vulnerabilities in the browser. This is a security update release, meaning no new features have been added. You should still update.

Google fixes three flaws in Chrome 20

Google has released a new version of Chrome 20 that fixes three high-severity flaws. You can update to the latest version using the software's built-in silent updater, or you can download the latest version of Chrome directly from google.com/chrome.

Here are the three security vulnerabilities fixed in Google Chrome 20.0.1132.57:

  • 129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz.
  • 130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz.
  • [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google.

This round of patches in Google Chrome means the company only had to write one cheque to reward researchers who reported vulnerabilities. Miaubiz, who found the first two flaws, has netted quite a number of bug bounties from Google in the last couple of years. At this point, I'm wondering why Google doesn't just hire him and have him looking for security holes. The cost of a full-time salary for one engineer seems worth it to me.

In any case, the $2,000 pay out this month is just another drop in the bucket for Google. The search giant recently quintupled its maximum bug bounty to $20,000. The company has so far received about 800 qualifying vulnerability reports that span across the hundreds of Google-developed services, as well as the software written by 50 or so firms it has acquired. In just over a year, the program has paid out around $460,000 to roughly 200 individuals.

For the record, Google Chrome 20 was released just two weeks ago. In the meantime, Mountain View also released a beta of Google Chrome 21 . I expect the new version will be released sometime in August, and I'll let you know when it is.

See also:

Topics: Security, Browser, Google, Software

About

Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.