The Google Chrome team has updated its web browser to version 24.0.1312.56 for Mac OS X and other operating systems, with security fixes for multiple high-severity vulnerabilities. This build fixes five vulnerabilities altogether, including three high-severity bugs and two medium-severity bugs. Google rewarded $1,000 in cash to a security researcher who provided information about one of the high-severity vulnerabilities covered in this browser update.
The following security issues were fixed in Chrome version 24.0.1312.56:
- CVE-2013-0839: Use-after-free in canvas font handling.
- CVE-2013-0840: Missing URL validation when opening new windows.
- CVE-2013-0841: Unchecked array index in content blocking.
- CVE-2013-0842: Problems with NULL characters embedded in paths.
- CVE-2013-0843: [Mac only] Crash with unsupported RTC sampling rate.
Google’s Chrome web browser updates automatically, so users will get the security updates after launching the software. If you don’t use Google Chrome, you can try it out by installing the newest version here.