Google releases Chrome 15 browser with 'bountiful' security fixes

A handful of security fixes came with the release of Google's Chrome 15 web browser
A handful of security fixes came with the release of Google's Chrome 15 web browser

The company fixed 11 high-severity, three medium-severity, and four low-severity flaws. The high-severity flaws included URL bar spoof in history handling, cross-origin policy violations (for which Sergey Glazunov received a hefty $12,174 bounty), various use-after-free issues, and heap overflow in Web Audio.

Google paid over $26,000 in bounties to researchers, including $13,674 to Glazunov and $10,337 to "miaubiz".

Google said that, although Chrome was not directly affected, the Network Security Services (NSS) library has been updated to include a defense against the BEAST (browser exploit against SSL/TLS). The defense may expose bugs in Brocade hardware, an issue that Brocade is working on, according to Google.

Chrome 15 also includes new features, such as a redesigned New Tab page. The overhauled tabs separate apps and most-visited websites; they are accessible via the arrows on the right and left, as well as the most visited and apps options at the bottom of the page.

“In the latest Stable release of Chrome, we’ve completely redesigned the New Tab page. It’s more streamlined, so it’s easier to access and organize your apps in different sections on the page”, Shannon Guymon, Google Chrome product manager, wrote in a blog.

“Apps and extensions are now presented in a wall of images that’s updated every time you visit the store. We hope this will help you quickly scan the store and find interesting things to try out. In addition, apps and extensions are easier to install – just hover over an image on the grid and click ‘Add to Chrome’”, Guymon added.

What’s hot on Infosecurity Magazine?