Chrome: Pinkie Pie's 64-bit vulnerability fixed
Google has released security updates to the Stable and Beta channels of its Chrome browser and to the Stable channel of Chrome OS. The update to the Stable channel for Chrome closes two security vulnerabilities rated High by the company, one of which earned the leading hacker of the Chrome browser, Pinkie Pie, a $7331 payout and a congratulatory note from the Chrome team for a successful 64-bit exploit of Chrome.
The vulnerability reported by Pinkie Pie concerns a use-after-free problem in the browser's media source handling. This has been fixed in the Stable channel with version 23.0.1271.95 of Chrome along with a vulnerability discovered by the Chrome Security Team that exploits incorrect file path handling. The Beta channel update to version 24.0.1312.27 fixes several stability problems and a memory leak in the canvas drawing code with GPU acceleration. Details about all changes in the new versions can be found in the SVN revision logs for the Stable and Beta channels.
Chrome OS has also been updated to version 23.0.1271.94 in its Stable channel. The new release brings user interface improvements such as a modified sign-in screen, an improved notification area and the introduction of cloud-based wallpaper management. The most important applications are now also available in offline mode by default. A Medium-rated heap buffer overflow in the GPU-based WebGL implementation was also fixed and earned the hacker who discovered it $3500.