Business
Google Chrome celebrates 2nd birthday with security patches
The Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vunerabilities.
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
The Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vunerabilities.
As part of its policy of paying researchers for details on serious security problems, Google shelled out more than $4,300 in bounties.
Here's the skinny on the latest batch of Google Chrome patches
- [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”.
- [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security.
- [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak.
- [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team.
- [45876] Medium Possible installed extension enumeration. Credit to Lostmon.
- [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell.
- [$1000] [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov.
- [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined).
- [$1337] [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar).
- [$500] [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
- [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno).
- [52443] High Stale pointer in focus handling. Credit toVUPEN Vulnerability Research Team (VUPEN-SR-2010-249).
- [$1000] [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
- [$500] [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
This update also includes a fix for a Windows kernel bug workaround that was was "incorrectly declared fixed" in version 5.0.375.127.