Google grants $3,500 for Chrome security holes this time around, version 21

The Google Chrome development team released the newest version of Chrome, version 21, today. You can install the update as follows:

  • Hit the Wrench Icon in the top right corner of the browser.
  • Select About Google Chrome.
  • It will automatically check for and install the update.
  • Once done, it will ask you to relaunch the browser. Please do so to make sure it finishes installing.

When you check About Google Chrome again, you should see that it’s updated.

This update fixes three critical security vulnerabilities. According to Naked Security by Sophos:

The first, CVE-2012-2866, fixes a problem in which Chrome failed to properly perform a cast of an unspecified variable during handling of run-in elements. If left unpatched, it could allow attackers to cause a denial of service (or worse) on a vulnerable Chrome instance using a specially-crafted document.

The second security hole rated “high,” fixes a fault, CVE-2012-2869, in which Chrome improperly loaded URLs which could allow remote attackers to create a denial of service or, possibly, take additional actions on a vulnerable system.

The third vulnerability with a “high” rating, CVE-2012-2871, fixes a problem with libxml2 2.9.0-rc1 and earlier, a standard Google Chrome component. Earlier versions of that library don’t properly support a cast of an unspecified variable during XSL transforms – a process in which webpage style sheets are rendered when a page is loaded.

Since Google began its bounty programs for bug finding, a flood of new security vulnerabilities has come to light. It’s now getting easier for software testers to make some extra cash.



About Dr Jay
