Chrome 25 Fixes 22 Security Vulnerabilities

Google’s latest version of their Chrome browser – version 25 – has been  promoted to the ‘Stable Channel’ and includes a few new items –

  • Improvements in managing and securing your extensions
  • Better support for HTML5 time/date inputs
  • JavaScript Web Speech API support
  • Better WebGL error handling
  • And lots of other features for developers

GoogleChromeReleases

Chrome-25

The new release also saw 22 vulnerabilities receive a fix, 20 of which were general and 2 which only affected the Linux and Mac versions.

Some of the vulnerabilities discovered earned bug bounties (a total of $3,500) for those that found them as detailed below:

  • [$1000] [172243] High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG.
  • [$1000] [171951] High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva.
  • [$500] [167069] Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG.
  • [$500] [165432] High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan.
  • [$500] [142169] Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG.

You can learn more about all the vulnerabilities that were discovered by visiting Google’s Chrome update page at http://googlechromereleases.blogspot.ro/

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*