
On Tuesday, Google pushed Chrome 45 for Windows, Mac and Linux to the stable channel for public release. As part of the Chrome 45.0.2454.85 update, 29 bugs have been fixed, and a number of improvements have been made.
The most critical issues fixed in this update were three cross-origin bypass problems, which netted researchers $7500 in each case. In addition, a bug bounty hunter earned $5000 for a use-after-free vulnerability in Skia.
As part of Google's bug bounty program, researchers are awarded financial rewards based on the severity of the security flaw. The now-patched vulnerabilities earned researchers cash rewards ranging from $1000 to $7500. In total, $40,500 has been awarded to security researchers.
The full list of vulnerabilities submitted by external researchers is below:
- [516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
- [522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
- [524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
- [492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
- [502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
- [421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
- [510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
- [518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
- [416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
- [511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.
In addition, Chrome's security team patched a variety of problems based on internal audits, fuzzing and other initiatives.
If you are a Comodo user, it is probably worth waiting before downloading the latest update, as some users are reporting crashes at startup, and the bug is yet to be resolved.
Last week, Google revealed plans to "pause" Flash-based advertisements through the Chrome browser. In order to watch these ads, Chrome users now need to manually consent to view the content.
In July, Google released a Chrome update which fixed a number of flaws including universal cross-site scripting (UXSS) flaws and heap buffer overflow problems.