{"id":3903,"date":"2015-04-16T02:42:41","date_gmt":"2015-04-15T18:42:41","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3903"},"modified":"2015-09-09T19:36:38","modified_gmt":"2015-09-09T11:36:38","slug":"google-chrome-42-stomps-a-lot-of-bugs-disables-java-by-default","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/04\/google-chrome-42-stomps-a-lot-of-bugs-disables-java-by-default\/","title":{"rendered":"Google Chrome 42 Stomps A LOT Of Bugs & Disables Java By Default"},"content":{"rendered":"

Ah, finally, the end of NPAPI is coming. A relic from the Netscape era, the Netscape Plugin API causes a lot of instability and security issues in Chrome. It means Java is now disabled by default, along with other NPAPI-based plugins, in Google Chrome 42.

Chrome will remove NPAPI support entirely in Chrome 45.

Other than that, they have also squashed 45 security issues and vulnerabilities, including some quite serious ones, many of them a product of their Bug Bounty program.

Google announced on Tuesday the availability of Chrome 42 for Windows, Mac and Linux. The latest release addresses a total of 45 security issues and removes NPAPI support.

Judging by the bug bounties paid out by Google, the most serious vulnerability fixed in Chrome 42 is a cross-origin bypass flaw in the HTML parser (CVE-2015-1235). The discovery of this high severity bug earned an anonymous researcher $7,500.

The list of high severity vulnerabilities also includes a type confusion in V8 (CVE-2015-1242) reported by Cole Forrester of Onshape, a use-after-free in IPC (CVE-2015-1237) reported by Khalil Zhani, and an out-of-bounds write bug in the Skia graphics engine (CVE-2015-1238) identified by cloudfuzzer.

The medium severity security issues reported by external researchers are a cross-origin-bypass in the Blink web browser engine, an out-of-bounds read in WebGL, a use-after-free in PDFium, a tap-jacking flaw, an HSTS bypass in WebSockets, an out-of-bounds read in Blink, scheme issues in OpenSearch, and a SafeBrowsing bypass.

The researchers who contributed to making Chrome more secure have been awarded a total of $21,500, according to a blog post published by Google. However, the total amount could be higher since there are some vulnerability reports that haven’t gone through the search giant’s reward panel.