Google patches 12 Chrome vulnerabilities

PanARMENIAN.Net - Google on Thursday, April 5, patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser, InfoWorld reports.

Most of the vulnerabilities - eight of the dozen - were identified as "use-after-free" bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google's own AddressSanitizer detection tool.

Seven of the 12 bugs were rated "high," the second-most-serious ranking in Google's scoring system. Four were marked "medium" and one was labeled "low."

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google's own security team or were ineligible for a finder's fee.

Google has paid more than $216,000 in bug bounties this year.

Thursday's update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM's X-Force Research group.

According to the advisory that accompanied Thursday's update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6 percent of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome's usage share has declined three months running, and is down about 3 percent since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google's website. Already installed copies of the browser will be updated automatically by Chrome's silent service.