Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Google patches several serious Chrome bugs

Critical vulnerability disclosed Monday was actually fixed earlier this month

Google yesterday patched four vulnerabilities in Chrome, and disclosed that it had patched a fifth two weeks ago.

The refresh of Chrome 16 was the second security-related update for the browser this month.

One of the five bugs Google said had been quashed was actually a leftover from the Jan. 9 update. According to a blog post by Anthony Laforge, a Chrome program manager, that flaw was actually patched two weeks ago, but "[was] accidentally excluded from the release notes" at the time.

The vulnerability was the most serious of the five, rating a "critical" ranking, Google's top threat label.

According to the bug-tracking materials for Chromium, the open-source project that feeds code into Chrome, the critical bug caused the browser to crash when users saw Chrome's anti-malicious site warning and then refreshed the page.

Researcher Chamal de Silva reported the vulnerability in mid-December 2011, and was awarded $3,133 -- Google's highest bounty -- for his work. de Silva's bug was only the third time Google has paid out the $3,133 maximum, and the first time since June 2011.

In July 2010, Google boosted its top dollar bounty from $1,337 to $3,133, making the move less than a week after rival Mozilla increased Firefox bug bounties to $3,000.

Two other researchers who reported three of the remaining vulnerabilities were paid a total of $3,000 in bounties. Those bugs were rated as "high" threats.

Google has paid out more than $8,000 so far this year to independent researchers for filing bug reports. Last year, the search giant spent more than $180,000 on bounties.

Chrome accounted for 19.1% of all browsers used last month, a record for Google, according to Web metrics firm Net Application. If its share movement continues on past pace, Chrome will crack the 20% mark either this month or next.

Chrome 16 , the current stable edition, can be downloaded from Google's website.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

See more articles by Gregg Keizer .

Read more about browsers in Computerworld's Browsers Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Apple, Google, Microsoft, Mozilla, Topic
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: applications, browsers, Google, Malware and Vulnerabilities, mozilla, security, software
Latest Blog Posts
Whitepapers
  • EMC 15-Minute Guide to Smarter Backup Transform your future
    Backup and recovery has become fundamental part of business and an essential element of information management. Information is useless to customers, employees, or business partners can't access it when it is needed. Availability and integrity of information, of the lack of, can directly impact revenues and profits - as well as company reputations. Read more.
    Learn more »
  • A buyer’s guide to application lifecycle management (ALM) solutions
    This buyer's guide describes the key criteria for application lifecycle management (ALM) solutions for today's high-performance teams. It includes key considerations for enhancing your single- or multi-vendor ALM environment.
    Learn more »
  • IDC Case Study - EMC IT Increasing Efficiency, Reducing Costs, and Optimising IT with Data Deduplication
    This IDC Buyers Case Study: Explores the benefits EMC realised from the use of a range of EMC's own backup and recovery solutions that leverage deduplication technology; Identifies the unique backup challenges for different computing environments and how data deduplication can address these environments; Highlight EMC's legacy backup environment and the changes EMC made as part of a transformation process to increase efficiency, reduce cost and optimise IT - as part of its journey to the private cloud.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments