Chrome 28 Blinks
Google pays researcher record $21,500 for reporting bugs in sync service
Computerworld - Google on Tuesday released Chrome 28, the first polished version of the browser to use the company's home-grown "Blink" rendering engine.
On Windows, the upgrade also sported Google's new notification service that lets developers of Chrome apps and add-ons display messages and alerts outside the browser window.
The upgrade was the first since May 21, when Google shipped Chrome 27 and touted some minor performance improvements.
Google announced in April that it was dropping the open-source WebKit browser engine -- at the time also used only by Apple's Safari -- and was instead launching Blink, a WebKit variant, to power Chrome. Since then, Opera Software's Opera has also adopted WebKit as an interim step before it eventually moves to Blink.
Google cited difficulties in adapting WebKit to Chrome, and in the first weeks after the announcement, stripped copious amounts of unnecessary-for-Chrome code from the fork that became Blink.
Previously, only the rougher "Dev" and "Beta" builds of Chrome relied on the Blink engine. Users can verify that Blink is present by typing chrome://version/ in the Chrome address-search bar, dubbed the "Omnibox."
Also included in Chrome 28 is new support for more sophisticated notifications that appear outside the browser pane and display even when the browser's not running. "Packaged apps" -- über-Web apps that look and behave like "native" code written specifically for the underlying OS -- and add-ons can push brief messages and alerts to Chrome users after their developers have enabled the feature.
Only the Windows version of Chrome 28 currently supports these next-generation notifications, but Google promised that the feature would soon make its way to OS X and Linux. On a Mac, Chrome notifications are not integrated with OS X Mountain Lion's Notification Center.
Along with the debut of Blink and notifications, Chrome 28 contained patches for 15 security vulnerabilities, one of them rated "critical," Google's most serious threat ranking. According to Google's terse security advisory, that flaw was a memory management bug -- dubbed a "use-after-free" vulnerability -- in the browser's network sockets code.
But while Colin Payne, who reported the bug, received an impressive reward of $6,267.40, another researcher was handed triple that.
Andrey Labunets was paid a record $21,500 for filing several vulnerability reports, including two in the Google synchronization service and an unknown number of others that Google said were "...since-fixed server-side bugs."
That last phrase and the amount paid were clues that Labunets discovered one or more flaws in a core Google service. In April, Google boosted bounties for vulnerability reports in its core websites, services and online apps, resetting the top reward to $20,000 for remote code executable bugs, those that attackers could use to slip malicious code onto a server or into an app or site.
Labunets is no stranger to large bug bounties. Earlier this year, after reporting a string of weaknesses in Facebook's authentication protocol, Labunets was awarded $9,500 by the social networking giant.
Altogether, Google this week paid bounties totaling $34,901 to six researchers, including Payne and Labunets, for reporting eight different bugs. Through Tuesday, the Mountain View, Calif., company has awarded nearly $250,000 thus far this year in bounties or hacking contest prizes.
Users can download Chrome 28 from Google's website. Active users can simply let the automatic updater retrieve the new version.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- IE6: Retired but not dead yet
- Chrome users won't give up, keep pressing Google to restore old-style new tab page
- Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34
- Firefox's UI face-lift on track for April debut
- Ex-Mozilla engineer blames Microsoft's rules for Metro Firefox's death
- Mozilla patches 20 Firefox flaws, plugs Pwn2Own holes
- Google reverses field, promises to restore Chrome's scrollbar arrows
- Update: Google ships Chrome 33, patches 28 bugs
- Mozilla's top exec defends in-Firefox ads, revenue search
- Mozilla taps in-Firefox ads as it searches for more revenue
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- Six Ways Your Small Business Can Save with Internet Phone Service Traditional phone systems present two main problems for businesses: limited features and high costs. As a result, small businesses are migrating to Internet...
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Web Apps White Papers | Webcasts