
Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.
The new security update for Chrome on Windows, Mac, and Linux patched four flaws rated High, which ranks below the more severe Critical rating; fixed three flaws in its rendering engine V8; and updated its internal version of Flash Player.
Three High-level vulnerabilities were found by three independent researchers, who earned a total of $8,000 for their work. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.
[$4000][344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
[$3000][342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.
[$1000][333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.
[338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
[328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.
Google did not immediately respond to a request for comment, although Google does issue security updates for Chrome on a regular basis.