Google is updating the stable version of its Chrome Web browser for Windows, Mac and Linux, addressing a handful of security vulnerabilities -- including four that could put users at risk simply by viewing a maliciously constructed image file.
The vulnerabilities addressed in Chrome 5.0.375.99 are rated as "high" severity and include a memory corruption flaw that could be triggered by an invalid PNG image file. Google awarded security researcher Aki Helin $1,000 for the discovery of the vulnerability, which he reported June 7.

However, the flaw is actually rooted in the open source libpng program, which is also in use by other Web browsers and open source applications. Helin later suggested in Google's tracking system that the company help mitigate the risk to other browsers and applications still using a vulnerable version of libpng by holding off on its fix, since releasing the fix would have publicly revealed the vulnerability. Instead, Helin suggested that the best approach might be to sync the Google Chrome patch with an update from the upstream libpng project, which ultimately issued its security bug update for the issue on June 25.

The link for this article located at eSecurity Planet is no longer available.