Google fixes Chrome flaws

Version 4.1.249.1059 of Chrome, now released to the stable channel on Windows, fixes seven vulnerabilities in all, four of which are considered high priority and three of which are medium. In a blog post by Google Chrome Team member Mark Larson, the search engine giant said that the high-priority bugs fixed were a type confusion error with forms, an HTTP request error leading to a possible cross-site request forgery, a cross-site scripting bug in chrome://downloads, and finally a memory corruption error.

Two of the high-profile Chrome bugs were discovered by members of the Google security team. However, two others were credited to someone using the handle 'kuzzcc'. This person was awarded $500 for each bug, as detailed in the Google policy of awarding bounties to researchers outside the company who find holes in its software.

"Note that the reference bugs may be kept private until a majority of our users are up to date with the fix," said Larson.

Google continues to fix security issues in its Chrome browser. The company recently altered its browser code to solve problems including race conditions and pointer errors in the sandbox infrastructure, a memory error with malformed structured vector graphics, and integer overflows in WebKit JavaScript objects, among others.

Mozilla is also recommending that users block what it says is an insecure Java plug-in. The organization, which maintains a list of blocked add-ons for its browser, has added a plug-in called the Java Deployment Toolkit to the list. A new exploit was released for all versions of this plug-in, according to posts made on its Bugzilla board.
