Google fixes critical vulnerabilities in Chrome 5

Google has released version 5.0.375.125 of Chrome, a security update that addresses three "high" risk vulnerabilities in its WebKit-based browser. According to the developers, two of the high risk issues could lead to memory corruption while SVG handling or rendering code. A third high risk problem affecting large canvases has also been addressed.

Additionally, the stable channel update addresses one medium risk vulnerability related to memory contents disclosure in layout code and a single low risk issue. Further details of the vulnerabilities are being withheld until "a majority of users are up-to-date with the fix". All users are encouraged to update to the latest release as soon as possible.

As part of its Chromium Security Reward programme, launched earlier this year, Google has been rewarding those reporting security vulnerabilities. The discoverers each of the three high risk vulnerabilities and medium risk vulnerability closed in the latest stable update, sp3x of SecurityReason, Jose A. Vazquez and Aki Helin of the Oulu University Secure Programming Group (OUSPG) and Michail Nikolaev, were each rewarded with $500. Google Chrome developer Jason Kersey also notes that Marc Schoenefeld and Simon Berry-Byrne were each awarded with $1,337 for their help closing two critical vulnerabilities in external components, a Windows kernel bug and a glibc bug.

More details about the Chrome 5.0 security update can be found in a post on the Google Chrome Releases blog. Chrome 5.0.375.125 is available to download for Windows, Mac OS X and Linux from google.com/chrome. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.

See also:

• Google's security team redefines "responsibility", a report from The H.
• Google invites attacks on Chrome, a report from The H.

(crve)