Chrome 43 was promoted to the stable channel for Windows, Mac and Linux on Tuesday.
One sandbox escape bug, CVE-2015-1252, earned an anonymous researcher $16,337. Most of the bugs weren’t thoroughly detailed because the team is waiting until a majority of users have updated.
CVE-2015-1265 was also addressed, which pertained to multiple issues found during internal audits, fuzzing and other initiatives.
Other high severity bugs included two cross-origin bypasses, one in DOM and one in Editing, as well as one use-after-free bug in WebAudio, one in SVG and one in Speech.
A reward of $7,500 was the second highest amount paid and went to the anonymous researcher who found the cross-origin bypass in DOM.
In the medium severity category were six bugs, one of which pertained to container-overflow in SVG. Others allowed for URL bar spoofing, a negative-size parameter in Libvpx and an uninitialized value in PDFium.
Only two low severity bugs were patched. The first, CVE-2015-1263, involved an insecure download of the spellcheck dictionary. The other, CVE-2015-1264, allowed for cross-site scripting in bookmarks.
Separately, a Google spokesperson told SCMagazine.com that a bug fix for “Logjam,” a vulnerability in the way Diffie-Hellman key exchange is deployed, will not be patched in a stable version of Chrome for at least a week. A fix in Chrome Canary, however, should be live in a day or two.