New Google Chrome 36 Stable Fixes 12 Vulnerabilities
A total of 12 vulnerabilities have been repaired in this release, as always, some of them being discovered by external security researchers, who were also rewarded for their efforts through Google’s bug bounty program.
For a use-after-free security flaw (CVE-2014-3165) in web sockets, Google paid $2,000 / €1,500 to researcher Collin Payne; additional information about this flaw is not available at the moment.
From another external researcher, the Google team received details about a security glitch that could lead to information disclosure in SPDY. Identified as CVE-2014-3166, the discovery is credited to Antoine Delignat-Lavaud, second year PhD student in team Prosecco at Inria Paris.