Google closes vulnerabilities in Chrome 4 for Windows
The update also addresses three medium risk issues, a cross-site scripting bug, an issue that could cause pages to load with privileges of the New Tab page and a local file reference through developer tools. Further details of the vulnerabilities are being withheld until "a majority of users are up to date with the fix".
The first two high risk holes earned a developer going by the name of "kuzzcc" $500 each as part of Google's experimental Chrome Security Reward programme. Launched at the end of January, the programme is aimed at encouraging users to report vulnerabilities in its browser. Subject to committee decision, the standard $500 reward for each bug may be increased up to $1,337 for special cases and particularly critical issues.
More details about the update can be found in a post by Google Engineering Manager Mark Larson on the Google Chrome Releases Blog. Chrome 220.127.116.119 for Windows is available to download for Windows XP, Vista and Windows 7. Users that currently have Chrome 4 installed can update using the built-in update function by clicking 'Tools', selecting 'About Google Chrome' and clicking the 'Update' button.
- Google invites attacks on Chrome, a report from The H.