Google Fixes Three Critical Vulnerabilities in Chrome

Type threatpost
Reporter Brian Donohue
Modified 2014-05-15T12:35:03


UPDATE: An earlier version of this story included the incorrect version of Chrome.

Google yesterday released a stable channel update for Chrome, paying some $4,500 worth of bug bounties, and fixing three highly rated security vulnerabilities in the Windows, Mac, and Linux versions of its popular Web browser.

The search giant paid out $2,000 to Collin Payne for a use-after-free vulnerability in the WebSockets protocol. The company paid $1,500 to John Butler for discovering an integer overflow issue in document object model ranges. Google also paid $1,000 to a firm called CloudFuzzer for a second use-after-free bug, this time in editing.

The United States Computer Emergency Readiness Team warned that some of these bugs could give an attacker the ability to take control of vulnerable machines. Therefore, the Department of Homeland Security is encouraging users and administrators to review Google’s blog post and apply the necessary updates.

The release also includes fixes for some Flash Player bugs, which Adobe addressed in its own patch yesterday. You can read more about Microsoft’s eight Patch Tuesday security bulletins and Adobe’s additional two, including the Flash Player fixes mentioned above.

This latest update is Google Chrome version 34.0.1847.137.