Google has released new security updates through the Chrome stable channel in order to address several critical and high risk vulnerabilities, two of which were rewarded with special $1,337 prizes.
The new 5.0.375.127 update is still silently being pushed to users, so details about some of the fixed bugs were temporarily withheld from the general public for security reasons.
Nevertheless, Google lists two critical, six high and one moderate flaws in an
announcement on its Chrome Releases blog.
Both critical issues, described as a "memory corruption with file dialog" and a "crash on shutdown due to notifications bug," were discovered by a security researcher named Sergey Glazunov, who received $1,337 for each.
The high risk bugs referred to: a "memory corruption with SVGs" and "bad cast with text editing," both discovered by wushi of team509; a "possible address bar spoofing with history," credited to Mike Taylor; a "memory corruption in MIME type handling," also found by Mr. Glazunov; a "memory corruption with Ruby support" and "memory corruption with Geolocation support" discovered by kuzzcc.
The security issue rated as medium risk was reported by reputed Web application security researcher Robert "RSnake" Hansen and can be used to "stop omnibox autosuggest if the user might be about to type a password."
