Google Chrome celebrates 2nd birthday with security patches

The Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vunerabilities.

Google's Chrome browser is two years old today and the company celebrated the milestone with a new version chock-filled with feature enhancements and security fixes.

The Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vunerabilities.

As part of its policy of paying researchers for details on serious security problems, Google shelled out more than $4,300 in bounties.

Here's the skinny on the latest batch of Google Chrome patches

  • [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”.
  • [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security.
  • [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak.
  • [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team.
  • [45876] Medium Possible installed extension enumeration. Credit to Lostmon.
  • [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell.
  • [$1000] [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov.
  • [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
  • [$1337] [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar).
  • [$500] [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
  • [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno).
  • [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249).
  • [$1000] [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
  • [$500] [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.

This update also includes a fix for a Windows kernel bug workaround that was was "incorrectly declared fixed" in version 5.0.375.127.