Chrome 18 update closes high-risk security holes
Google has released a new update to the stable 18.x branch of its Chrome web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses a total of five vulnerabilities, three of which are rated as "high severity" by the company.
These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of "miaubiz", who is number three in the company's Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected.
Further information about the update can be found in the announcement post on the Google Chrome Releases blog. Chrome 18.0.1025.168 is available to download for Windows, Mac OS X and Linux from google.com/chrome; existing users can upgrade using the built-in update function.
- Chrome 19 enters beta and adds synchronised tabs, a report from The H.
- Chrome 18 improves graphics performance, closes security holes, a report from The H.