Number: IRCNE2013061864
Date: 2013/06/06
According to “computerworld”, Google today patched 12 vulnerabilities in Chrome, including one of the few labeled "critical" that it has fixed in the five-year history of its browser.
Tuesday's update to the "stable" build channel -- analogous to a production version -- included 12 patches: One critical, 10 pegged as "high" and one as "medium" in Google's four-step threat system.
The critical bug was described by Google as a "memory corruption in SSL socket handling" and credited to Sebastien Marchand of the Chromium development team.
The last time Google identified a Chrome bug as critical was in December 2012, when another Google employee, Michal Zalewski, was given the nod as the flaw's finder.
Only a small fraction of Chrome's vulnerabilities have been characterized as critical. In 2012, for example, Google used the label on just 12 out of nearly 250 reported bugs, or about 5% of the total.
A majority of the 12 flaws patched today were memory corruption-related vulnerabilities, a common category in Chrome.
New users can download the patched edition of Chrome 27 from Google's website, while current users can let the automatic updater retrieve and install the fixes.
- 2