The H-Security: Google has released version 17.0.963.83 of its Chrome web browser, a maintenance update that fixes issues with Flash games and closes several security holes. The Stable channel update addresses a total of nine vulnerabilities, six of which are rated as “high severity”.
These include an integer issue in libpng (the official PNG reference library), a memory corruption problem in WebGL canvas handling and a cross-origin violation related to “magic iframe”, as well as use-after-free errors in first-letter handling, CSS cross-fade handling and block splitting. One medium-risk invalid read in the V8 JavaScript engine and two low-risk problems related to WebUI privileges and unpacked extension installation have also been fixed.
As part of its Chromium Security Vulnerability Rewards programme, Google paid security researchers $5,500 for discovering and reporting the holes. Additional details about the vulnerabilities are being withheld until “a majority of users are up-to-date with the fix”. The developers also note that a low-severity issue related to the extension web request API was fixed in a previous release but was not properly credited.
Further information about the update can be found in a post on the Google Chrome Releases blog. Chrome 17.0.963.83 is available to download from google.com/chrome for Windows, Mac OS X and Linux; alternatively, existing users can upgrade using the built-in update function.