Patch/Configuration Management, Vulnerability Management

Three fixes included in Google Chrome update


The Stable channel of Google Chrome was updated to 34.0.1847.137 for Windows, Macintosh and Linux on Tuesday. It includes three high-priority security fixes, meaning an attacker can exploit vulnerabilities to read or modify confidential data that belongs to other websites.

CVE-2014-1740 is a use-after-free vulnerability in WebSockets that was discovered by Collin Payne and earned him $2,000, according to a Tuesday post by Daniel Xie. Discovering CVE-2014-1741, an integer overflow condition in DOM ranges, earned John Butler $1,500, and finding CVE-2014-1742, a use-after-free error in editing, earned cloudfuzzer $1,000.

Updating to the latest version of Google Chrome also brings Adobe Flash Player to its latest version, for Windows and Macintosh, which was released on Tuesday to address vulnerabilities that could enable attackers to take control of affected systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.