Google Chrome Update Fixes 2013's 1st Critical Flaw
The new update for Google's Chrome browser doesn't offer any new features, but it will keep you safe from a number of potential hacks and hijacks. Google has fixed 12 security flaws, including its first critical flaw since December 2012.
The latest patch brings Chrome to version 27.0.1453.110 m. Unlike its earlier Chrome 27 update, which added voice search and faster loading times, this patch focuses only on under-the-hood vulnerability fixes.
Since Google is still distributing the update to all Chrome users, it has restricted access to its explanations of each flaw. Otherwise, would-be hackers could simply read how to exploit each vulnerability and catch Chrome users before the fixes go into effect.
Google awarded $500 to user "daniel.zulla," who discovered this update's only medium-risk vulnerability. This flaw allowed malefactors to take advantage of memory corruption in Chrome's developer tools.
Of more interest are the high-risk vulnerabilities, for which the rewards ranged from nothing (Google employees do not receive bonuses for fixing security flaws) up to $1,500. Most of these fixes involved "use-after-free" memory, which could provide a fertile space for malware.
User Collin Payne discovered a particularly interesting high-risk vulnerability as well, involving use-after-free memory in database interfaces. Although Google has not yet revealed the exact details of the potential exploit, it liked Payne's work enough to award him $1,337 — an amount that corresponds to Internet-speak for "elite." [See also: 5 Looming Threats That Keep Security Experts Up at Night]
The star of the show, however, was the one critical flaw, discovered by in-house Chrome security personnel. Google describes it as "memory corruption in SSL socket handling." This basically means that when using functions that require secure socket layer (SSL) protocols, such as email or social network logins, a hacker could take advantage of corrupted data to run malicious code on a user's machine.
Google will automatically update all Chrome browsers over the next few days, but if you want the update right away, just click on the options toolbar and "About Google Chrome." The program will automatically detect the latest version and update to it.
This update represents the discovery of Chrome's first critical security flaw of 2013. With any luck, it will be the last as well.