Google patches several serious Chrome bugs
Critical vulnerability disclosed Monday was actually fixed earlier this month
Computerworld - Google yesterday patched four vulnerabilities in Chrome, and disclosed that it had patched a fifth two weeks ago.
The refresh of Chrome 16 was the second security-related update for the browser this month.
One of the five bugs Google said had been quashed was actually a leftover from the Jan. 9 update. According to a blog post by Anthony Laforge, a Chrome program manager, that flaw was actually patched two weeks ago, but "[was] accidentally excluded from the release notes" at the time.
The vulnerability was the most serious of the five, rating a "critical" ranking, Google's top threat label.
According to the bug-tracking materials for Chromium, the open-source project that feeds code into Chrome, the critical bug caused the browser to crash when users saw Chrome's anti-malicious site warning and then refreshed the page.
Researcher Chamal de Silva reported the vulnerability in mid-December 2011, and was awarded $3,133 -- Google's highest bounty -- for his work. de Silva's bug was only the third time Google has paid out the $3,133 maximum, and the first time since June 2011.
In July 2010, Google boosted its top dollar bounty from $1,337 to $3,133, making the move less than a week after rival Mozilla increased Firefox bug bounties to $3,000.
Two other researchers who reported three of the remaining vulnerabilities were paid a total of $3,000 in bounties. Those bugs were rated as "high" threats.
Google has paid out more than $8,000 so far this year to independent researchers for filing bug reports. Last year, the search giant spent more than $180,000 on bounties.
Chrome accounted for 19.1% of all browsers used last month, a record for Google, according to Web metrics firm Net Application. If its share movement continues on past pace, Chrome will crack the 20% mark either this month or next.
Chrome 16, the current stable edition, can be downloaded from Google's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Desktop Apps White Papers | Webcasts