Chrome 28 Blinks
Google pays researcher record $21,500 for reporting bugs in sync service
Computerworld - Google on Tuesday released Chrome 28, the first polished version of the browser to use the company's home-grown "Blink" rendering engine.
On Windows, the upgrade also sported Google's new notification service that lets developers of Chrome apps and add-ons display messages and alerts outside the browser window.
The upgrade was the first since May 21, when Google shipped Chrome 27 and touted some minor performance improvements.
Google announced in April that it was dropping the open-source WebKit browser engine -- at the time also used only by Apple's Safari -- and was instead launching Blink, a WebKit variant, to power Chrome. Since then, Opera Software's Opera has also adopted WebKit as an interim step before it eventually moves to Blink.
Google cited difficulties in adapting WebKit to Chrome, and in the first weeks after the announcement, stripped copious amounts of unnecessary-for-Chrome code from the fork that became Blink.
Previously, only the rougher "Dev" and "Beta" builds of Chrome relied on the Blink engine. Users can verify that Blink is present by typing chrome://version/ in the Chrome address-search bar, dubbed the "Omnibox."
Also included in Chrome 28 is new support for more sophisticated notifications that appear outside the browser pane and display even when the browser's not running. "Packaged apps" -- über-Web apps that look and behave like "native" code written specifically for the underlying OS -- and add-ons can push brief messages and alerts to Chrome users after their developers have enabled the feature.
Only the Windows version of Chrome 28 currently supports these next-generation notifications, but Google promised that the feature would soon make its way to OS X and Linux. On a Mac, Chrome notifications are not integrated with OS X Mountain Lion's Notification Center.
Along with the debut of Blink and notifications, Chrome 28 contained patches for 15 security vulnerabilities, one of them rated "critical," Google's most serious threat ranking. According to Google's terse security advisory, that flaw was a memory management bug -- dubbed a "use-after-free" vulnerability -- in the browser's network sockets code.
But while Colin Payne, who reported the bug, received an impressive reward of $6,267.40, another researcher was handed triple that.
Andrey Labunets was paid a record $21,500 for filing several vulnerability reports, including two in the Google synchronization service and an unknown number of others that Google said were "...since-fixed server-side bugs."
That last phrase and the amount paid were clues that Labunets discovered one or more flaws in a core Google service. In April, Google boosted bounties for vulnerability reports in its core websites, services and online apps, resetting the top reward to $20,000 for remote code executable bugs, those that attackers could use to slip malicious code onto a server or into an app or site.
Labunets is no stranger to large bug bounties. Earlier this year, after reporting a string of weaknesses in Facebook's authentication protocol, Labunets was awarded $9,500 by the social networking giant.
Altogether, Google this week paid bounties totaling $34,901 to six researchers, including Payne and Labunets, for reporting eight different bugs. Through Tuesday, the Mountain View, Calif., company has awarded nearly $250,000 thus far this year in bounties or hacking contest prizes.
Users can download Chrome 28 from Google's website. Active users can simply let the automatic updater retrieve the new version.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
- Mozilla ships Metro Firefox beta for Windows 8
- Mozilla defers Firefox's new 'Australis' UI to April
- Mozilla resets Metro Firefox ship date to mid-March
- Mozilla ships Firefox 26 with opening click-to-play move
- Mozilla banked $274M in '12 from Google-Firefox search deal
- Google trumpets Chrome's SPDY gains
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Web Apps White Papers | Webcasts