Google fixes vulnerabilities in Chrome 4 for Windows

[nsane.forums]

Google has released version 4.0.249.89 of Chrome for Windows, a security update that addresses several high and medium risk vulnerabilities in its WebKit-based browser

View: Original Article

[DKT27]

Chrome gets fixed; researcher gets paid

<img src="http://i45.tinypic.com/35079sl.jpg" align="left">

first payouts to crowd-sourced security researchers have been delivered.

The stable version of Google Chrome for Windows has been updated with three critical security fixes and an announcement that the

Chrome 4.0.249.89 repairs serious problems found in processing the < ruby > tag, and two integer overflows that affected the Javascript engine and deserialized the sandbox message. Google has a policy of not revealing more information about security fixes until a majority of users have updated their browser.

Other security fixes issued in this release include several medium and low level risks, encompassing proxy behavior, redirection target link leaks, and domain confusion populating the HTTP authentication dialog. This last one was discovered by Timothy D. Morgan, a researcher from VSR and one of the first recipients of the crowd-sourced researcher payments. Google stated that Morgan donated his $500 reward to Haitian relief efforts, and so the company raised it to $1,337.

Google watchers will note that for the first time, the Chrome stable version number is ahead of the Chrome beta for Windows, which is currently at v4.0.248.70. It wouldn't be surprising to see the beta version updated soon. The full changelog for Google Chrome 4.0.249.89 can be read here.

Source - CNET