Google plugs seven security flaws in Chrome

This time, Google is plugging seven security holes, including six that the company identified as high-priority flaws, as well as providing an updated version of Adobe Flash.

The Chrome 12 update corrects three use-after-free errors, a memory corruption issue in CSS parsing, a bad bounds check in the V8 JavaScript engine, lifetime and re-entrancy issues in the HTML parser, and a medium-risk out-of-bounds read problem in NPAPI string handling.

Google paid out a total of $6,000 in bounties to researchers, most of that going to researcher Miabuiz who raked in $4,500 for reporting five Chrome vulnerabilities. Phillipe Arteau received $1,000 for reporting the medium-risk vulnerability, and Aki Helin of the Oulu University Secure Programming Group (OUSPG) received $500 for the bad bounds check in V8.

Earlier this month, Google fixed 15 security flaws in version 12 of its Chrome browser, doling out $10,000 to researchers. At the end of May, Google fixed four vulnerabilities, including two critical ones, in its Chrome browser. And early in May, Google fixed 25 security flaws with its version 11 update, giving out $16,500 in bounties.

What’s Hot on Infosecurity Magazine?