Google patched 11 vulnerabilities--three critical, seven high-risk, and one medium--in a new version of Chrome released Thursday.
All but one of the problems was in Chrome itself. The additional issue handled in
Chrome 5.0.375.127 is a workaround for a critical Windows kernel bug, according to a blog post Thursday by Jason Kersey of the Chrome team.
Chrome has an automated update process that periodically checks for updates, downloads new versions, and installs them when a person restarts the browser. For a quicker update, people can follow
Google's instructions to check for and install a Chrome update.
The critical Windows kernel bug and the two other critical problems each merited bounty payments of $1,337 for the discoverers. Although Google has added an "e-leet" payment option of $3,133.70 for very severe problems, it hasn't awarded any bounties that high so far.
The program has been lucrative for Sergey Glazunov, whom Google credited for discovering two of the critical and two of the high vulnerabilities that were patched Thursday. Glazunov, who also won the first $1,337-level bounty, is the clear leader so far in the Chrome security hall of fame and has earned a total of $8,011 in the program.
