Google fixes 7 Chrome security holes just before CanSecWest

The day before two annual Google-sponsored hacking contests kick off at a security conference in Vancouver, Google tidies up some of Chrome's loose ends.

Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.

The new security update for Chrome on Windows, Mac, and Linux patched four flaws labeled as High, which ranks below the more important level of Critical; fixed three flaws in its rendering engine V8; and updated its internal version of Flash Player.

Three High-level vulnerabilities were found by three independent researchers, who earned a total of $8,000 for their work. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.

  • [$4000][344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
  • [$3000][342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.
  • [$1000][333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.
  • [338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
  • [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version

Google did not immediately respond to a request for comment, although Google does issue security updates for Chrome on a regular basis.
