Google plugs six security holes in Chrome browser, pays out $8,500

Google identified two of the vulnerabilities as “use-after-free” bugs, which refer to a memory management flaw that can be exploited by inject attack code, and two as “stale pointer” bugs, which refer to another memory allocation flaw, according to a Computerworld report.

This was the sixth time that Google has patched security flaws in its Chrome browser this year.

The security fixes were part of a Chrome Stable and Beta channels update to 10.0.648.204 for Windows, Mac, Linux, and Chrome Frame. Included in the release was support for the password manager on Linux, as well as performance and stability fixes.

Google also blacklisted more SSL certificates in response to the recent counterfeiting of SSL certificates issued by a Comodo affiliate.

Google has paid out $58,145 in bounties to researchers so far this year. Sergey Glazunov took home $7,000 for reporting four of the most recent security flaws, bringing his 2011 bounty total to $20,634. Glazunov is the most prolific of the independent researchers who specialize in identifying Chrome flaws, reporting 14 of the 54 bugs attributed to outsiders, according to Computerworld.

What’s Hot on Infosecurity Magazine?