Chrome 28 Blinks
Google pays researcher record $21,500 for reporting bugs in sync service
Computerworld - Google on Tuesday released Chrome 28, the first polished version of the browser to use the company's home-grown "Blink" rendering engine.
On Windows, the upgrade also sported Google's new notification service that lets developers of Chrome apps and add-ons display messages and alerts outside the browser window.
The upgrade was the first since May 21, when Google shipped Chrome 27 and touted some minor performance improvements.
Google announced in April that it was dropping the open-source WebKit browser engine -- at the time also used only by Apple's Safari -- and was instead launching Blink, a WebKit variant, to power Chrome. Since then, Opera Software's Opera has also adopted WebKit as an interim step before it eventually moves to Blink.
Google cited difficulties in adapting WebKit to Chrome, and in the first weeks after the announcement, stripped copious amounts of unnecessary-for-Chrome code from the fork that became Blink.
Previously, only the rougher "Dev" and "Beta" builds of Chrome relied on the Blink engine. Users can verify that Blink is present by typing chrome://version/ in the Chrome address-search bar, dubbed the "Omnibox."
Also included in Chrome 28 is new support for more sophisticated notifications that appear outside the browser pane and display even when the browser's not running. "Packaged apps" -- über-Web apps that look and behave like "native" code written specifically for the underlying OS -- and add-ons can push brief messages and alerts to Chrome users after their developers have enabled the feature.
Only the Windows version of Chrome 28 currently supports these next-generation notifications, but Google promised that the feature would soon make its way to OS X and Linux. On a Mac, Chrome notifications are not integrated with OS X Mountain Lion's Notification Center.
Along with the debut of Blink and notifications, Chrome 28 contained patches for 15 security vulnerabilities, one of them rated "critical," Google's most serious threat ranking. According to Google's terse security advisory, that flaw was a memory management bug -- dubbed a "use-after-free" vulnerability -- in the browser's network sockets code.
But while Colin Payne, who reported the bug, received an impressive reward of $6,267.40, another researcher was handed triple that.
Andrey Labunets was paid a record $21,500 for filing several vulnerability reports, including two in the Google synchronization service and an unknown number of others that Google said were "...since-fixed server-side bugs."
That last phrase and the amount paid were clues that Labunets discovered one or more flaws in a core Google service. In April, Google boosted bounties for vulnerability reports in its core websites, services and online apps, resetting the top reward to $20,000 for remote code executable bugs, those that attackers could use to slip malicious code onto a server or into an app or site.
Labunets is no stranger to large bug bounties. Earlier this year, after reporting a string of weaknesses in Facebook's authentication protocol, Labunets was awarded $9,500 by the social networking giant.
Altogether, Google this week paid bounties totaling $34,901 to six researchers, including Payne and Labunets, for reporting eight different bugs. Through Tuesday, the Mountain View, Calif., company has awarded nearly $250,000 thus far this year in bounties or hacking contest prizes.
Users can download Chrome 28 from Google's website. Active users can simply let the automatic updater retrieve the new version.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Workarounds to purge search bar from Firefox's new tab page are available
- Mozilla ships Firefox 31, adds search to new tab page
- Microsoft's IE steps back from the brink of irrelevance
- Firefox falters, falls to record low in overall browser share
- Firefox risks user backlash by adding search box to new tab page
- Google unseats Microsoft as the U.S. browser powerhouse
- Safari, Chrome push to mask URLs
- Chrome on Windows champs at the 64-bit
- Google pulls trigger, cripples some Chrome add-ons
- Microsoft shoots to shorten Internet Explorer's long tail
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Simple Solution, Big Capability Meet growing employee and business demands by connecting up to 1,000 users with powerful collaboration capabilities with a single, integrated platform -- Cisco...
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics...
- Cloud BI Overview: Jaspersoft for AWS Check out this overview of Jaspersoft for AWS, to easily and affordably build business intelligence solutions as well as embed visualizations and analytics... All Web Apps White Papers | Webcasts