Google fixes 7 Chrome security holes just before CanSecWest

The day before two annual Google-sponsored hacking contests kick off at a security conference in Vancouver, Google tidies up some of Chrome's loose ends.

Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.

The new security update for Chrome on Windows, Mac, and Linux patches four flaws labeled High, which ranks below the more severe Critical level, and three flaws in its rendering engine V8. It also updates Chrome's internal version of Flash Player.

Three High-level vulnerabilities were found by three independent researchers, who earned a total of $8,000 for their work. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.

  • [$4000][344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
  • [$3000][342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.
  • [$1000][333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.
  • [338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
  • [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.

Google did not immediately respond to a request for comment, although Google does issue security updates for Chrome on a regular basis.

    About the author

    Senior writer Seth Rosenblatt covers Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.

     
