The Google team has updated its web browser to Google Chrome 26.0.1410.43 for Mac and other operating systems. Chrome 26 comes to you with security fixes for multiple bugs, resolving 2 high-level flaws, 4 medium-level flaws, and 5 low-level flaws. Google awarded $1,000 in cash to a security researcher who provided information about one of the high-level vulnerabilities (CVE-2013-0916) covered in this software update.
Following are details of all security issues fixed in Chrome version 26.0.1410.43:
- CVE-2013-0916: Use-after-free in Web Audio.
- CVE-2013-0917: Out-of-bounds read in URL loader.
- CVE-2013-0918: Do not navigate dev tools upon drag and drop.
- CVE-2013-0919: Use-after-free with pop-up windows in extensions.
- CVE-2013-0920: Use-after-free in extension bookmarks API.
- CVE-2013-0921: Ensure isolated web sites run in their own processes.
- CVE-2013-0922: Avoid HTTP basic auth brute force attempts.
- CVE-2013-0923: Memory safety issues in the USB Apps API.
- CVE-2013-0924: Check an extension’s permissions API usage again file permissions.
- CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions.
- CVE-2013-0926: Avoid pasting active tags in certain situations.
Google’s Chrome browser updates automatically (you’ll get the updates after launching the browser), or you can download Google Chrome to install the newest version.