Chrome 21 update closes high-risk security holes
Three high-severity holes have been fixed in Google's latest stable channel update to the Chrome web browser. Version 21.0.1180.89 of Chrome for Windows, Mac OS X and Linux addresses a total of nine vulnerabilities in the web browser, and fixes a number of non-security issues with Flash, developer tools and gradient boxes.
The high severity vulnerabilities include two incidents of bad casting, when handling XSL transforms and run-ins, and a stale buffer appearing when loading URLs. Additionally, the update fixes three medium-risk and three low-risk issues. In total, Google paid security researchers $3,500 for discovering and reporting these holes as part of its Chromium Security Vulnerability Rewards program. As usual, further details about the security holes have not yet been disclosed, in order to allow affected users to update to the new version.
Chrome 21.0.1180.89 is available from google.com/chrome for Windows, Mac OS X and Linux; existing users can upgrade using the built-in update function. Chrome is built from Chromium, the open source browser project run by Google.
- Pwnium 2: Google pledges $2 million for Chrome exploits, a report from The H.
- Chrome 21 arrives with new API for video and audio communication, a report from The H.