Google adds pix search to Chrome, squashes 50 bugs

Pays $27,000 in bug bounties to a baker's dozen of outside researchers

Google on Tuesday updated Chrome to version 30, patching 50 vulnerabilities and paying outsider researchers $27,000 in bounties along the way.

The Mountain View, Calif. company highlighted only one change in the newest desktop Chrome: Image search.

"Starting this week, all Chrome users will be able to search by image," said Kibeom Kim, a Chrome engineer, in a short post to a company blog.

By right-clicking an image displayed in Chrome, then selecting "Search Google for this image," the browser will show other image results culled from Google's search engine.

Google typically calls out only some of the new features or improvements in an upgrade, but this month's list was abnormally short. The company has been criticized in the past for barely moving the needle with each iteration.

Along with the new feature and the usual collection of stability and performance fixes, Chrome 30 patched 50 security vulnerabilities.

Until July 30, Google had not revealed the number of patched flaws in each Chrome update. Prior to May, the company published what appeared to be a complete list -- although minus an official count -- but from late May though late July, it disclosed a subset of quashed bugs, those deemed "particularly interesting," or which called out researchers who reported issues or who had been awarded bounties.

Starting two months ago, Google began naming the number of fixed flaws, though it continued to provide information about only a subset.

On Tuesday, for example, it listed 19 the 50 patched vulnerabilities in its advisory. Ten of the 19 were rated "high," Google's second-most-serious threat ranking, with seven of the 10 marked as "use-after-free" bugs, a type of memory management flaw that Google's researchers -- both those employed by the company and independent bug hunters -- have shown expertise in rooting out. That's in large part because Google makes its AddressSanitizer memory error detector available to everyone.

Google paid 13 different researchers a total of $27,000 in bounties, with more than a quarter -- $7,500 -- going to Atte Kettunen of Finland's Oulu University. Nearly a third -- $8,000 -- went to a threesome of Kettunen and frequent bounty recipients "cloudfuzzer" and "miaubiz," for reporting bugs during earlier stages of development so that they were squashed before work on the "stable" build began.

The bug bounty payout total for 2013 stands at nearly $283,000, about $90.000 shy of last year's record.

Google also updated Chrome for Android Tuesday with support for three new touchscreen gestures, including swiping horizontally to switch tabs and dragging down from the toolbar to see the tab switcher view.

Chrome for Android hasn't replaced the more bare-bones stock Android browser in user share, according to metric company Net Applications, but it has been on a rapid climb: By the end of September, Chrome accounted for 6.3% of all mobile browsers, up 5.1 percentage points in the past 12 months.

Google's browser is also available for iOS.

Those who haven't tried Chrome on the desktop can download version 30 for Windows, OS X and Linux from Google's website. Current users can simply let the automatic updater retrieve the new version.

Chrome 30 search
Chrome 30 now lets users search for similar images with a right-click of the mouse.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at  @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is

See more by Gregg Keizer on

Copyright © 2013 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon