Chrome and Flash Vulnerabilities Patched
By David Gilbert | November 7, 2012 11:28 PM EST
Google has fixed 14 bugs in Chrome 23, while Adobe has patched seven critical vulnerabilities in Flash Player.
In what may come as a surprise for many users, Google has announced that as part of the release of the latest version of its hugely popular browser, Chrome 23, it has patched 14 flaws, eight of which are rated as very important.
Of the 14 vulnerabilities found in Chrome, 12 were for the Windows version and the other two are specific to Mac OS X. Eight of the 14 flaws were rated as high by Google (including both Mac OS X flaws), with the rest rated as having either medium or low severity.
As a way of incentivising security researchers to find these flaws and report them to Google, the search giant hands out financial rewards. This time around, the company handed out $9,000 in rewards.
The highest reward went to a researcher named Phil Turnbull, who reported an integer overflow leading to an out-of-bounds read in WebP handling. That earned him a $3,500 payment. In addition to the bug fixes, Google also included an updated version of Adobe Flash in Chrome 23.
Speaking of Flash, Adobe has also today patched critical vulnerabilities in Flash Player, which could lead to system crashes or, more worryingly, allow hackers to gain access to your PC remotely.
According to Adobe, none of the flaws which have been patched in the latest update have been exploited yet. Adobe also said users should upgrade Flash Player.
Typically Adobe updates its widely-used Flash Player quarterly, at the same time as Microsoft's monthly Patch Tuesday updates. This time, however, Adobe has issued the update a week early, giving an indication of the seriousness of the flaws which needed to be fixed.
According to Chester Wisniewski, a security expert at Sophos, Flash Player remains one of the most exploited plugins used in drive-by web attacks, and he adds "it is sensible to update as soon as possible."
Version 11.4.402.287 of Flash Player and earlier are affected on Windows and Apple Macintosh. There are also fixes for Linux (versions 220.127.116.11 are vulnerable) and Android 4.x, 3.x and 2.x.
To find out which version of Flash you are running you can visit this website.