Google has published a new update to the stable 20.x branch of Chrome to close a number of security holes in the WebKit-based web browser. Version 20.0.1132.57 of Chrome addresses a total of three vulnerabilities, all of which are rated as “high severity” by the company.
These include two use-after-free errors in counter handling and in layout height tracking that were discovered by a security researcher by the name of “miaubiz”. As part of its Chromium Security Vulnerability Rewards program, Google paid the researcher, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting each of the holes. A third high-risk problem related to object access with JavaScript in PDFs has also been corrected. As usual, further details about the vulnerabilities are being withheld until “a majority of users are up-to-date with the fix”. Other changes include stability improvements, and updates to the V8 JavaScript engine and the built-in Flash player plug-in.
Google also updated the Stable Channel of its ChromeOS operating system, currently available only on Samsung and Acer’s Chromebook notebooks, to version 20, just over two weeks after Google released the Chrome 20 browser on 26 June. ChromeOS 20.0.1322.54, based on the open source Chromium OS project, includes the security and stability improvements from Chrome, while also adding support for Google Drive, using Google Docs offline and other enhancements.
Chrome 20.0.1132.57 is available to download for Windows, Mac OS X and Linux from google.com/chrome; existing users can upgrade via the built-in update function. Chrome is built from Chromium, the open source browser project run by Google.