Google isn't taking any chances with this year's CanSecWest Pwn2Own hacker challenge.
Just days before the annual contest where hackers are invited to break into the three main web browsers, Google pushed out another Chrome patch to fix a whopping 24 security holes. The majority of these vulnerabilities are rated "high risk" and could lead to remote code execution attacks.
As part of its bug-bounty program, Google paid out more than $16,000 to researchers who reported these Chrome vulnerabilities.
This is the second major security update from Google Chrome in the past few days. Last week, Google released Chrome 9.0.597.107 (all platforms) to cover a total of 18 security holes, most rated “high-risk.” Last week's update included a $14,000 cash payout.
This year's Pwn2Own contest will have a special emphasis on Google Chrome after Google announced it would put up a $20,000 cash prize for any hacker who can successfully compromise a Windows 7 machine via a vulnerability — and sandbox escape — in Chrome.
So far, two hacking teams have announced an interest in attacking the Chrome sandbox.
Here are the raw details on the latest patch (Google Chrome 10.0.648.127) from Google's Jason Kersey:
- Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [Linux only] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.
- [Linux only] Low Possible browser crash with parallel print()s. Credit to Aki Helin of OUSPG.
- [$1337] Medium Cross-origin error message leak. Credit to Daniel Divricean.
- [$500] High Memory corruption with counter nodes. Credit to Martin Barbella.
- [$1000] High Stale node in box layout. Credit to Martin Barbella.
- [$500] Medium Cross-origin error message leak with workers. Credit to Daniel Divricean.
- [$1000] High Use after free with DOM URL handling. Credit to Sergey Glazunov.
- [Linux only] Medium Out of bounds read handling unicode ranges. Credit to miaubiz.
- [$1337] High Same origin policy bypass in v8. Credit to Daniel Divricean.
- Low Pop-up blocker bypasses. Credit to Chamal de Silva.
- [$1000] High Use-after-free in document script lifetime handling. Credit to miaubiz.
- High Out-of-bounds write in the OGG container. Credit to Google Chrome Security Team (SkyLined); plus subsequent independent discovery by David Weston of Microsoft and MSVR.
- [$1000] High Stale pointer in table painting. Credit to Martin Barbella.
- High Use of corrupt out-of-bounds structure in video code. Credit to Tavis Ormandy of the Google Security Team.
- [$1000] High Crash with the DataView object. Credit to Sergey Glazunov.
- [$1000] High Bad cast in text rendering. Credit to miaubiz.
- [$2000] High Stale pointer in WebKit context code. Credit to Sergey Glazunov.
- Low Leak of heap address in XSLT. Credit to Google Chrome Security Team (Chris Evans).
- [$1500] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.
- [$1000] High DOM tree corruption with attribute handling. Credit to Sergey Glazunov.
- [$1000] High Corruption via re-entrancy of RegExp code. Credit to Christian Holler.
- [$1000] High Invalid memory access in v8. Credit to Christian Holler.