The Inquirer-Home

Google squashes Chrome security bugs, updates Flash Player

Bug-finders win cash prizes
Fri Apr 15 2011, 13:25

THE LATEST Google Chrome web browser update fixes three critical security flaws as well as a zero-day problem with Adobe's Flash Player on Windows, Mac, Linux and Chrome Frame.

The three security vulnerabilities were rated as critical and are associated with the Graphics Processing Unit (GPU) process over use-after-free, off-by-three (Windows only) and heap overflow issues. Critical means that left unresolved they could have allowed an attacker to remotely execute arbitrary code on a victim's computer.

The new version of Chrome will also carry a new version of Flash Player, which Adobe is also releasing today. This fixes a vulnerability that has seen hackers launch attacks using Flash files embedded in Word files sent as email attachments.

Two security researchers were rewarded in their efforts to detect and report the vulnerabilities. For the off-by-three GPU bug yuri.ko616 earned $500. Christop Diehl earned $1,000 for finding the heap overflow GPU bug, while the other vulnerability was found by a member of the Chrome security team.

You can update by downloading the new version from the Chrome website, while current users can also use the built-in update tool. Chrome is rapidly increasing in popularity, and this update is evidence that Google is being proactive with web browser security like its rivals, as it has to be. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Mobile versus security

Does the rise of BYOD and mobile devices mean firms are losing control of security?