Google closes vulnerabilities in Chrome 5
Google has released version 5.0.375.99 of Chrome, a security update that addresses four "high" risk vulnerabilities in its WebKit-based browser. According to the developers, all four of the high risk issues could lead to memory corruption caused by either invalid PNG files or SVGs, issues in the Bidirectional algorithm or problems in CSS style rendering. The stable channel update also addresses one medium risk vulnerability related to sandboxed iframes and three low risk issues.
As part of its Chromium Security Reward programme, launched earlier this year, Google has been rewarding those reporting security vulnerabilities. The four high risk vulnerabilities closed in the latest stable update were reported by Team 509 and the Oulu University Secure Programming Group (OUSPG), and the discoverers of each were rewarded with $500 or $1,000. In special cases, a committee can decide to increase the amount to a maximum of $1,337, but the maximum is only awarded for vulnerabilities which are particularly critical, or for particularly clever reports on vulnerabilities and their exploitation.
The Chrome development team have also updated the developer channel (a.k.a. the Dev channel) release. Version 6.0.453.1 of Chrome enables the new consolidated menu by default and, when printing PDFs using the built-in PDF plug-in, now prints vectors instead of pixels on Windows systems. Other Dev channel changes include experimental support for GNOME Keyring and KWallet for storing user passwords, and PDF plug-in support on Linux systems. Users can enable built-in PDF support by going to chrome://plugins. The developers note that many advanced PDF features found in Adobe's Reader product, such as certain types of embedded media, are not yet supported.
More details about the Chrome 5.0 security update can be found in a post on the Google Chrome Releases blog. Chrome 5.0.375.99 is available to download for Windows, Mac OS X and Linux from google.com/chrome. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button. All users are advised to update to the latest release as soon as possible.
- Google invites attacks on Chrome, a report from The H.