STE WILLIAMS

Google has patched 23 vulnerabilities, including three marked high risk, in the latest update to the web browser.

Mountain View has yet to release details on the full set of patched bugs pushed out overnight in the new release 35 of Chrome for Windows, Mac and Linux.

Chrome engineer Karen Grünberg said it paid out US$9500 to external researchers for reporting vulnerabilities including use-after-free and cross site scripting.

The latest Chrome also sports better developer control over touch input, new JavaScript features and application program interfaces for apps and extensions.

A particularly interesting bug in the set was this one, discovered in April, that allowed abuse of the old speech API in Chrome for eavesdropping.

Bug payouts Google acknowledged in the patch include:

In a tip to would-be bug hunters Grünberg said many of the noted vulnerabilities were detected using its AddressSanitizer tool released in 2012. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/05/21/patch_or_cop_chrome_security_shiner/