{"id":3189,"date":"2011-09-19T13:18:33","date_gmt":"2011-09-19T12:18:33","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3189"},"modified":"2015-09-09T19:37:07","modified_gmt":"2015-09-09T11:37:07","slug":"google-patches-32-chrome-browser-bugs-releases-version-14","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2011\/09\/google-patches-32-chrome-browser-bugs-releases-version-14\/","title":{"rendered":"Google Patches 32 Chrome Browser Bugs & Releases Version 14"},"content":{"rendered":"

Google and their Chrome browser have really been stepping things up lately when it comes to security and browsing; we reported not long ago on Google Chrome To Protect Users Against Malicious Executables.

Also since we reported on the Chrome bug bounty program back in February 2010 – Google Willing To Pay Bounty For Chrome Browser Bugs – it seems to have been a great success.

They’ve paid out a fair amount of money and patched 32 vulnerabilities in the latest version of Chrome (v14) – do note though, none of the vulnerabilities were of a critical level.

Google today patched 32 vulnerabilities in Chrome, paying more than $14,000 in bug bounties as it also upgraded the stable edition of the browser to version 14.

The company called out a pair of developer-oriented additions to Chrome 14 and noted new support for Mac OS X 10.7, aka Lion, including full-screen mode and vanishing scrollbars.

Google last upgraded Chrome’s stable build in early August. Google produces an update about every six weeks, a practice that rival Mozilla also adopted with the debut of Firefox 5 last June.

Fifteen of the 32 vulnerabilities were rated “high,” the second-most-serious ranking in Google’s four-step scoring system, while 10 were pegged “medium” and the remaining seven were marked “low.”

None of the flaws were ranked “critical,” the category usually reserved for bugs that may allow an attacker to escape Chrome’s anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.

Six of the vulnerabilities rated high were identified as “use-after-free” bugs, a type of memory management flaw that can be exploited to inject attack code, while seven of the bugs ranked medium were “out-of-bounds” flaws, including a pair linked to foreign language character sets used in Cambodia and Tibet.

I think the whole bug bounty model is great, I mean look at it this way – Google has paid out $14,000 in bug bounties for these vulnerabilities. That’s a small fraction of what it would cost to get a ‘professional’ company to do a VA or code-audit on the software.

Plus for the researchers, they get to practise their skills and make a little pocket money on the side. I don’t expect anyone to hand over any critical 0-day type exploits for the amount Google is offering, but still – it makes the browser more secure.

And at the end of the day, more secure browsers make for fewer virus-laden family members and colleagues (and less of that annoying work which we can’t escape for us).