H-Online: Google has announced an update to the stable version of Chrome, which brings the browser version to 19.0.1084.52 on Windows, Mac OS X and Linux. The update is a pure security update that does not include any new features – it closes nine vulnerabilities with a Common Vulnerability Scoring System (CVSS) rating of “High” and fixes two problems labelled “Critical” as well as two “Medium” level issues.
Many of the vulnerabilities are due to bugs in Chrome’s memory handling, such as out-of-bounds reads and use-after-free conditions, and Google points out that several of them were detected with their AddressSanitizer tool. Other bugs were fixed in Chrome’s PDF handling code and its V8 JavaScript rendering engine.
Further details about the security vulnerabilities have not yet been released; this is to give the updates time to roll out to all affected users. Google did announce that it has paid out its signature amount of $1337 to a researcher who reported one of the critical vulnerabilities. Three $1000 bounties and one of $500 were also paid to three other individuals as part of Google’s bounty program for Chrome security vulnerabilities. The company has recently published a detailed account of exactly how these types of vulnerabilities are discovered and how they reward the researchers who report security issues in a responsible manner.