The Google team has updated its web browser to Google Chrome 27.0.1453.93 for Mac and other operating systems, which includes security fixes for fourteen vulnerabilities (11 high-level bugs, 2 medium-level bugs, and 1 low-level bug). Google provided $14,633.70 in rewards to the security researchers who provided information about the vulnerabilities covered in this software update.
Following are details of all security issues fixed in Chrome version 27.0.1453.93:
- CVE-2013-2836: Various fixes from internal audits, fuzzing and other initiatives.
- CVE-2013-2837: Use-after-free in SVG.
- CVE-2013-2838: Out-of-bounds read in v8.
- CVE-2013-2839: Bad cast in clipboard handling.
- CVE-2013-2840: Use-after-free in media loader.
- CVE-2013-2841: Use-after-free in Pepper resource handling.
- CVE-2013-2842: Use-after-free in widget handling.
- CVE-2013-2843: Use-after-free in speech handling.
- CVE-2013-2844: Use-after-free in style resolution.
- CVE-2013-2845: Memory safety issues in Web Audio.
- CVE-2013-2846: Use-after-free in media loader.
- CVE-2013-2847: Use-after-free race condition with workers.
- CVE-2013-2848: Possible data extraction with XSS Auditor.
- CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
In addition to security fixes, the Google team mentioned the web browser includes the following new items:
Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions.
Chrome 27 also contains a new Adobe Flash build. You can find more information about Adobe's newest software updates here.
Google’s Chrome browser updates automatically (you’ll get the updates after launching the browser), or you can download Google Chrome to install the newest version.