Google has released version 10.0.648.204 of its Chrome web browser, a maintenance and security update to the Chrome 10 stable branch. The update addresses a total of six vulnerabilities in the WebKit-based browser that can be "exploited by malicious people to compromise a system" and rates all of them with a "High" priority. Secunia, for example, rates the vulnerabilities as highly critical.
According to Google, one of the high risk issues relates to a buffer error in base string handling, while two others have to do with use-after-free, where memory is deallocated but later accessed, in the frame loader and in HTMLCollection. The other issues range from a stale pointer in CSS handling and in SVG text handling, as well as a DOM tree corruption bug. The update also includes several performance and stability fixes and adds support for the browser's password manager on Linux systems.

As part of its Chromium Security Reward programme, Google rewarded those who reported security vulnerabilities with a total of $8,500, of which $7,000 went to developer Sergey Glazunov alone. Further details of the Chrome vulnerabilities are being withheld until "a majority of users are up-to-date with the fix".

The link for this article located at H Security is no longer available.