Google patched 20 vulnerabilities in the desktop edition of Chrome and added new anti-malware download warnings to version 17.
The company called out a pair of new features in Chrome 17, including the expansion of anti-malware download warnings and prerendering of pages suggested by the address/search bar’s auto-complete function.
Google refreshed Chrome eight weeks ago, on Dec. 13. One of the 20 vulnerabilities patched was rated “critical,” the highest ranking in Google’s threat system. Eight were “high,” while five came in at “medium” and six were “low.”
Google paid $10,500 in bounties to four researchers for reporting 11 bugs, and another $3,133 to one of the four who uncovered a serious flaw that developers fixed before Chrome 17 made it to release. Google’s security team discovered nine other vulnerabilities.
Per its usual practice, Google blocked access to its bug tracking database for all 20 vulnerabilities to prevent outsiders from obtaining details an attacker could use to build exploits.
The two additions are an extension of Chrome’s long-running anti-malware download warnings and faster display of some Web pages.
The new download warnings alert users when they try to retrieve executable Windows files, including those with the “.exe” and “.msi” extensions, that Google knows or suspects are malicious, or that are hosted on a website that commonly distributes threats.