The critical flaw involved a “race condition in audio handling” that was uncovered by the gamers of Reddit, Google announced. That flaw can be exploited to bypass the Chrome sandbox, according to Vupen Security.
A sandbox is a security measure to separate running programs; it provides a controlled set of resources and prevents applications from accessing protected resources.
Two of the flaws were ranked as “high”, and six were labeled as “low.” Chrome paid $2,000 to Aki Helin of OUSPG who found the two “high” security flaws: a “use-after-free in image loading” and “crashing when printing in PDF event handler.”
Chrome’s fix comes as Google has announced it would pay $20,000 and a CR-48 notebook computer to anyone who could hack into Chrome at next month’s Pwn2Own hacking contest at CanSecWest. The organizers of Pwn2Own are predicting that Chrome will be hacked on the second day of the contest when the rules are changed, according to a report in Computerworld.