Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.
The new security update for Chrome on Windows, Mac, and Linux patched four flaws labeled as High, below the more important level of Critical; three flaws in its rendering engine V8; and updated its internal version of Flash Player.
Three High-level vulnerabilities were found by three independent researchers, who earned a total of $8,000 for their work. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.
[$4000][344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva. [$3000][342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs. [$1000][333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne. [338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets. [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.
Google did not immediately respond to a request for comment, although Google does issue security updates for Chrome on a regular basis.
Apple is nixing iPhone parenting apps: Here's why: Let's dive into the saga of mobile device management, or MDM, software and why it's causing a showdown between Apple and iOS developers.
What Amazon's one-day shipping means for you: Last week, Amazon announced it will decrease the standard shipping time for Prime members from two days to one. In this Tech Minute, here's how this change will impact your deliveries.
Discuss: Google fixes 7 Chrome security holes just before CanSecWest
Be respectful, keep it civil and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time at our discretion.