Google fixes 11 Chrome vulnerabilities; awards researchers for reporting the bugs

Google’s security update to its Chrome Web browser, released Thursday, fixed 11 vulnerabilities, two of which could apparently be exploited by malicious files, including SVG image files and MIME-type files, while others could be used to spoof the contents of the address bar or divulge a password.

According to a blog post by Google’s Chrome team member Jason Kersey, the Chrome 5.0.375.127 update fixes three vulnerabilities rated “critical”, seven vulnerabilities that received a “high” severity ranking, and one vulnerability rated “medium”.

Kersey added that the recent Chrome update fixed two critical bugs in Chrome itself, and also included a workaround for a critical Windows kernel bug in non-Google code.

Google, however, refrained from disclosing any further details about the vulnerabilities fixed in Thursday's Chrome update and, as always, also blocked public access to its bug-tracking database, a typical procedure that the company follows to keep attackers from using the information before most users have upgraded.

In addition to fixing the bugs, Google also awarded researchers credited with reporting flaws, as part of the company’s bug bounty program. 

Security researcher Sergey Glazunov banked a total of $4,674 for reporting two critical vulnerabilities and one high-risk vulnerability; security researcher Marc Schoenefeld was awarded $1,337 for the Windows kernel find; and a researcher called “kuzzcc” received $2,000 for reporting a couple of Chrome vulnerabilities.