A total of 20 security holes were identified in the previous versions and patched to ensure that cybercriminals can’t leverage them to launch attacks against Chrome customers.
The low severity issues that were addressed include crashes when the database is utilized excessively, when unusual certificates are used, and during signature checks. Other similar weaknesses include URL bar confusion after drag and drop operations, and a clipboard monitoring issue after Paste events.
A total of $2,500 (1,700 EUR) was awarded to researchers who identified medium severity flaws that exposed Chrome to potentially malicious operations. These vulnerabilities include an out-of-bounds read in audio decoding, in path clipping, in PDF fax image handling, in libxslt, and in the shader translator.
The high severity risks were rewarded with $8,000 (5,600 EUR) and included use-after-free conditions in PDF garbage collection, in mousemove events, in SVG layout, and in CSS handling. Bad casts with column spans, a buffer overflow in locale handling, and a crash when aborting an IndexedDB transaction were also present in previous versions of Chrome.
Shawn Goertzen received $1,000 (700 EUR) for identifying a critical vulnerability that resulted in a race condition after a crash of the utility process.
Besides members of the Chromium development community, other people who contributed to making the latest version more secure include miaubiz, Drew Yao and Braden Thomas of Apple, Sławomir Błażek, Aki Helin of OUSPG, Chamal de Silva and Atte Kettunen of OUSPG.
Users are advised to immediately update their Chrome browsers to the latest stable version not only to benefit from the latest features, but also to protect themselves against threats that may rely on the aforementioned weaknesses.
Google Chrome 17 for Windows is available for download here
Google Chrome 17 for Linux is available for download here
Google Chrome 17 for Mac is available for download here