Google releases Chrome 45 and patches 29 vulnerabilities

With the new Chrome 45 available for Windows, Mac and Linux, this latest version of the web browser patched 29 vulnerabilities, 10 that were reported by external researchers.

Six of the security issues reported by external researchers have been given a high severity rating, according to Google.

The list includes a few cross-origin bypass flaws in DOM (CVE-2015-1291, CVE-2015-1293), a cross-origin bypass in Service Worker (CVE-2015-1292), use-after-free flaws in Skia (CVE-2015-1294) and Printing (CVE-2015-1295), and a character spoofing bug in the Omnibox address bar (CVE-2015-1296). Google has paid out for each of these.

The amount of money paid by Google thus far to those who assisted to making Chrome more secure is £26,470, however not all vulnerabilities have been reviewed by Google's reward panel.

Medium impact flaws patched with the release of Chrome 45 are a permission scoping error WebRequests, a URL validation error in extensions and information leak and use-after-free flaws in the Blink web browser engine.

Google's security team has also recognised many flaws via internal audits, fuzzing and other actions. They have additionally started killing Flash ads with the release of Chrome 45 in an effort to improve performance and curtail power usage. Security experts are thrilled to see the Flash ads go due to the high amount of vulnerabilities that have put users at risk over the past period.