Google squashes 10 Chrome bugs as $100K Pwn2Own hacking prize looms
Also releases Chrome 25 for Apple's iPhone and iPad, promises search improvements
Computerworld - Google today patched 10 vulnerabilities in Chrome, just two days before the start of Pwn2Own, a hacking contest that has $100,000 in prize money waiting for the first researcher to crack the browser.
In an update Monday for the Windows and Linux versions -- Google patched the OS X edition on Friday -- the company fixed 10 flaws, six of them marked as "high," the second-most-serious threat ranking. Of the remaining bugs, three were pegged as "medium" and one as "low."
Today's patches follow a larger batch issued Feb. 21, and further harden Chrome as it faces Pwn2Own, the hacking challenge that kicks off March 6 at the CanSecWest security conference in Vancouver, British Columbia.
Google has contributed money to Pwn2Own's prize pool, which includes a $100,000 award to the first researcher who hacks the current version of Chrome on Windows 7.
Pwn2Own will put a record $560,000 on the line over its three days, with prizes awarded on a sliding scale aligned with the anticipated difficulty of each hack. The first researcher to successfully exploit Internet Explorer 10 (IE10) on Windows 8 will receive $100,000, for example, while the first able to crack Firefox on Windows 7 will get $60,000.
IE9, Safari on OS X, Adobe Flash and Adobe Reader, and Oracle Java will also pose as targets.
Of the 10 vulnerabilities patched today, four were reported by three independent researchers, who received a total of $5,000 from Chrome's bug bounty program. So far this year, Google has paid out $15,500 in bounties.
Other browser makers have also recently patched their software, perhaps with an eye on Pwn2Own.
Three weeks ago, Microsoft updated all versions of IE, including IE9 and IE10 -- both Pwn2Own targets -- with 14 patches. Twelve of those were rated "critical" by Microsoft for IE9, while five were tagged the same for IE10.
On Feb. 19, Mozilla released Firefox 19, patching 13 vulnerabilities, 10 of which were labeled critical.
Also on Monday, Google updated Chrome for Apple's iOS operating system to version 25, matching the moniker of the desktop edition. According to a brief release note, Chrome 25 for iOS will also sport new search features "over the coming days" that show the search string in the browser's "omnibox," Google's term for the address field, and let users refine queries from the search results page.
Chrome for iOS can be downloaded free of charge to an iPhone, iPad or iPod Touch from Apple's App Store.
Chrome for iOS is currently No. 94 on the App Store's iPhone free-app download list, and No. 50 on the corresponding iPad list.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Malware and Vulnerabilities White Papers |