The H-Online: Google has released a new update to the stable 18.x branch of its Chrome web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses a total of five vulnerabilities, three of which are rated as “high severity” by the company.
These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. As part of its Chromium Security Vulnerability Rewards program, Google paid a security researcher by the name of “miaubiz”, who is number three in the company’s Security Hall of Fame, $1,000 for discovering and reporting one of the float handling problems. Two medium risk problems related to IPC validation and a race condition in sandbox IPC have also been corrected.
Further information about the update can be found in the announcement post on the Google Chrome Releases blog. Chrome 18.0.1025.168 is available to download for Windows, Mac OS X and Linux from google.com/chrome; existing users can upgrade using the built-in update function.