adv
NewsGoogle patches serious Chrome bugs

Google patches serious Chrome bugs

By Gregg Keizer | 27 Jan 2012
Tag:
Google yesterday patched four vulnerabilities in Chrome, and disclosed that it had patched a fifth two weeks ago.
 
The refresh of Chrome 16 was the second security-related update for the browser this month.
 
One of the five bugs Google said had been quashed was actually a leftover from the Jan. 9 update. According to a blog post by Anthony Laforge, a Chrome program manager, that flaw was actually patched two weeks ago, but "[was] accidentally excluded from the release notes" at the time.
 
The vulnerability was the most serious of the five, rating a "critical" ranking, Google's top threat label.
 
According to the bug-tracking materials for Chromium, the open-source project that feeds code into Chrome, the critical bug caused the browser to crash when users saw Chrome's anti-malicious site warning and then refreshed the page.
 
Researcher Chamal de Silva reported the vulnerability in mid-December 2011, and was awarded $3,133 -- Google's highest bounty -- for his work. de Silva's bug was only the third time Google has paid out the $3,133 maximum, and the first time since June 2011.
 
In July 2010, Google boosted its top dollar bounty from $1,337 to $3,133, making the move less than a week after rival Mozilla increased Firefox bug bounties to $3,000.
 
Two other researchers who reported three of the remaining vulnerabilities were paid a total of $3,000 in bounties. Those bugs were rated as "high" threats.
 
Google has paid out more than $8,000 so far this year to independent researchers for filing bug reports. Last year, the search giant spent more than $180,000 on bounties.
 
Chrome accounted for 19.1% of all browsers used last month, a record for Google, according to Web metrics firm Net Application. If its share movement continues on past pace, Chrome will crack the 20% mark either this month or next.
 
Chrome 16, the current stable edition, can be downloaded from Google's website.
 
Computerworld (US)

Related articles:

Send us your comments

Image CAPTCHA
Enter the characters shown in the image.

Comments

security Features and Opinions

Feature

CSA -- standardizing security in the cloud

At the Evolve.CLOUD conference in Sydney CSO sat down with Archie Reed, CTO Strategic Enterprise...
Opinion

CSO Journal: SOX is out of control

It is time-consuming for companies like mine in SOX compliance. Unfortunately, it's about to get...

AddThis

Be the first one share this
FacebookLinkedinTwitterEmailPrint

embedded_ad

Growth, Agility and New Business Capabilities

By | 23 Mar 2012
Growth, Agility and New Business Capabilities

Click to view videoClick to view video

Cisco enables the world of many clouds – private, public, and hybrid. We offer a portfolio of cloud services and solutions that uniquely bring together the intelligence of the network, the power of the data center, and the flexibility of applications. The result is a compelling, assured, and consistent user experience with every service delivered from the clouds, anywhere, any time, on any device.

embed_ad_learn_more.jpg

Hong Kong government CIO to form cloud expert group

By | 23 Mar 2012
Greenpeace: HK datacenters lack the renewable energy option

Datacenters in Hong Kong can never become greener as the local government is lukewarm to the use of renewable energy, said Greenpeace during an interview with Computerworld Hong Kong on Monday...

adv
Sponsored Articles
  • CWHK daily enews
  • Security Watch
  • Data Buzz