Google patches Chrome for second time this month
Updates Windows version, pays bug bounties to researchers
Computerworld - Google Inc. patched three vulnerabilities in the Windows version of Chrome earlier this week, marking the second time that it has plugged security holes in the browser this month.
Tuesday's update to Chrome 18.104.22.1684 fixed three flaws rated "high," the second-most-severe threat ranking in Google's four-step system. Danish vulnerability tracker Secunia rated the update as "highly critical" under its own severity ranking.
As is Google's practice, technical details of the vulnerabilities were hidden from public view, a tactic the company uses to prevent attackers from accessing the information until the majority of users have updated to the new version.
Researchers credited with reporting two of the flaws were awarded bonuses as part of Google's bug bounty program, which kicked off in January. Most flaws earn their finders $500, but researcher Jordi Chancel was handed $1,000 for the cross-origin bypass vulnerability he found in Chrome's handling of Google URL, a code library used to parse large numbers of Web addresses.
Google patched the "stable" channel (stable is the term Google uses in place of final) of the Windows version of Chrome but left the Mac and Linux versions of the browser untouched, since they have not yet left the "beta" channel.
The update was the second in two weeks for Chrome: Google also patched the Windows edition on April 20, quashing seven vulnerabilities, four of them ranked "high" and three labeled "medium," the next-lowest rating. Most of those flaws had been found by Google's own security engineers, but the company paid $500 each to two outside researchers for reporting bugs.
Google typically patches Chrome more frequently than rivals such as Microsoft Corp. and Mozilla patch their browsers, in part because the browser updates itself silently in the background without notifying the user. Chrome has been patched five times so far this year, while Microsoft has updated Internet Explorer twice in 2010, both times with emergency patches to close holes that hackers were already exploiting. Mozilla has also patched Firefox twice this year.
Chrome is the world's third-most-popular browser, accounting for approximately 6% of the browsers in use, according to the most recent numbers from Web metrics company NetApplications.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Networking in Computerworld's Networking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts