The Google Chrome team promoted Chrome 44 to the stable channel for Windows, Mac and Linux on Tuesday – the update comes with 43 security fixes, several of which are for high severity vulnerabilities.
According to a blog post, two researchers each earned $7,500 for reporting critical bugs – a UXSS in Chrome for Android, and a UXSS in Blink. Separately, one researcher earned $5,500 for identifying a heap-buffer-overflow in PDFium, and another earned $5,000 for discovering a memory corruption in Skia.
Other high severity vulnerabilities that were fixed include a use-after-free in IndexedDB, a CSP bypass, and a use-after-free in Blink, the blog post noted. An issue where settings allowed executable files to run immediately after download was also addressed.
Among the medium severity vulnerabilities that were fixed are an information leak in the XSS Auditor and an uninitialized memory read in ICU.