Google details Chrome browser security-testing technology
- 27 April, 2012 05:34
- Comments
Since late last year, Google has been using an industrial-strength testing system to identify, analyze and fix security holes in its Chrome browser, helping it significantly cut down on the number of vulnerabilities that slip through to the most recent version product in production.
Google calls the system ClusterFuzz. It's made up of "several hundred" virtual machines loaded with about 6,000 Chrome instances, subjecting them to about 50 million test cases every day, the company said on Thursday.
The system's capacity is projected to quadruple in the coming weeks. Since its full deployment late last year, ClusterFuzz has flagged 95 unique vulnerabilities, 44 of which were fixed before making it into the most recent stable release of the browser, according to a Google blog post.
In addition to benefiting users of the product, the detections also help open-source software used by Chrome like WebKit and FFmpeg, because Google submits vulnerability reports to their project teams.
In addition to running the tests and detecting browser crashes, ClusterFuzz is also used to manage the distribution of test cases, analyze the crashes to determine if they involve a security hole that can be exploited, and verify if a vulnerability has been properly fixed.
Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.
Recommended
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Why change management doesn’t work
-
Larry Page wants to see your medical records
-
Dual-Persona Smartphones Not a BYOD Panacea
-
After two-year hiatus, EFF accepts bitcoin donations again
-
CIOs struggle to deliver timely mobile business apps: survey
-
Mobile Load - Performance Testing for Mobile Applications
Key mobile trends and analysis on how performance testers must change their testing methodologies to ensure they are accounting for the changes caused by mobile usage. Download today. -
Securing the Road to Virtualization and Beyond
Traditional security controls for enterprise don’t necessarily translate into the new world of virtualisation and cloud environments. When mapping out a secure virtualisation roadmap, click to find out about pave a more secure, risk free path. -
Vodafone Ireland Implements World-Class Service Excellence with HP BSM
Shane Gaffney, head of IT operations explain how HP Business Service Manager solutions have helped Vodafone to transform from a reactive to a proactive IT Operations function, and to align their priorities to match the business and drive business value, delivering 300% ROI in one year. Download today.
Get exclusive access to Invitation only events CIO, reports & analysis. 
