Google Chrome celebrates 2nd birthday with security patches
Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vulnerabilities.
Google's Chrome browser is two years old today and the company celebrated the milestone with a new version chock-full of feature enhancements and security fixes.
As part of its policy of paying researchers for details on serious security problems, Google shelled out more than $4,300 in bounties.
Here's the skinny on the latest batch of Google Chrome patches:
- [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”.
- [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security.
- [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak.
- [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team.
- [45876] Medium Possible installed extension enumeration. Credit to Lostmon.
- [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell.
- [$1000] [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov.
- [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
- [$1337] [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar).
- [$500] [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
- [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno).
- [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249).
- [$1000] [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
- [$500] [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
This update also includes a fix for a Windows kernel bug workaround that was "incorrectly declared fixed" in version 5.0.375.127.