Chrome 26 is officially out and, as always, the latest stable channel update
comes with a number of improvements in the security section. However, on this
occasion, only 2 high-severity vulnerabilities have been addressed.
One of the high-severity flaws has been uncovered by Atte Kettunen of OUSPG. The expert has been rewarded with $1,000 (780 EUR) for a use-after-free issue in Web Audio.
By fixing the other high-severity bug, Google ensures that isolated websites run in their own processes.
Of the four medium-severity vulnerabilities, one – a use-after-free with pop-up windows in extensions – affects only the Linux variant.
Five low-severity bugs have also been identified.
Most of the issues have been found by the Google Chrome Security Team and members of the Chromium development community.
Subho Halder, Aditya Gupta, and Dev Kar, all three of xys3c, and “t3553r” have also been credited for finding security holes.
One of the high-severity flaws has been uncovered by Atte Kettunen of OUSPG. The expert has been rewarded with $1,000 (780 EUR) for a use-after-free issue in Web Audio.
By fixing the other high-severity bug, Google ensures that isolated websites run in their own processes.
Of the four medium-severity vulnerabilities, one – a use-after-free with pop-up windows in extensions – affects only the Linux variant.
Five low-severity bugs have also been identified.
Most of the issues have been found by the Google Chrome Security Team and members of the Chromium development community.
Subho Halder, Aditya Gupta, and Dev Kar, all three of xys3c, and “t3553r” have also been credited for finding security holes.