Skip to main content

Google Patches Six High Level Vulnerabilities In Chrome

Google has patched six security vulnerabilities discovered in its Chrome web browser with the latest stable version.

According to the company, the Chrome version 10.0.648.204 patches six vulnerabilities that were given a 'high' severity classification by the search engine giant.

The vulnerabilities could allow an attacker to modify or corrupt data stored by websites on the browser and change browser security features. Google paid out a total of $8,500 in rewards to developers who discovered the vulnerabilities.

Google fixed a buffer issue found within the base string handling of the browser, with the developer responsible for discovering the bug receiving $500. Google paid $1,000 to the developer who discovered a use-after-free bug in the browser's frame loader.

Another use-after-free bug discovered in HTML Collection resulted in a $2,000 cash prize while a stale-pointer bug in CSS handling was worth $1,500, eWeek reports.

The company also patched a stale pointer bug in SVG text handling and a DOM tree corruption issue in the latest release, offering rewards of $1,500 and $2,000 respectively, under the Chromium Security Rewards program.

Google also blacklisted two secure socket layer (SSL) certificates for Chrome. The fake SSL certificates were issued by a rogue developer as part of a large scale politically motivated attack. A total of 9 fake SSL certificates were released for popular websites including Gmail, Skype and Windows Live.