The Stable channel of Google Chrome was updated to 34.0.1847.137 for Windows, Macintosh and Linux on Tuesday. It includes three high-priority security fixes, meaning an attacker can exploit vulnerabilities to read or modify confidential data that belongs to other websites.
CVE-2014-1740 is a use-after-free vulnerability in WebSockets that was discovered by Collin Payne and earned him $2,000, according to a Tuesday post by Daniel Xie. Discovering CVE-2014-1741, an integer overflow condition in DOM ranges, earned John Butler $1,500, and finding CVE-2014-1742, a use-after-free error in editing, earned cloudfuzzer $1,000.
Updating to the latest version of Google Chrome also brings Adobe Flash Player to its latest version, 220.127.116.11 for Windows and Macintosh, which was released on Tuesday to address vulnerabilities that could enable attackers to take control of affected systems.