Critical Security Update Released for Google Chrome

By on January 13th, 2011 08:58 GMT

Chrome 8.0.552.334 was released as a security update for the stable channel of Google's increasingly popular browser and contains fixes for a flurry of vulnerabilities.

In total, there were sixteen security issues patched, two of which were rated with medium risk, thirteen with high and one with critical.

The critical flaw is a stale pointer in speech handling and its discovery is credited to regular Chrome security contributor Sergey Glazunov.

The find earned Mr. Glazunov the first $3133.7 (elite) prize ever awarded since the Google Chrome bug bounty program was launched a year ago.

"We’re delighted to offer our first "elite" $3,133.7 Chromium Security Reward to Sergey Glazunov. Critical bugs are harder to come by in Chrome, but Sergey has done it," the Google Chrome team writes.

In addition, the researcher won a "leet" $1,337 prize for a high-risk bad pointer handling issue in node iteration, as well as well as $1,000 each for three other high risk vulnerabilities.

This brings Mr. Glazunov's total bug bounty earnings to almost $7,500, which is a record for money rewarded to a single researcher in a single Chrome release.

Other regular bug hunters like kuzzcc and Aki Helin of the Oulu University Secure Programming Group (OUSPG) were also awarded for discovering flaws patched by this version.

Out of the sixteen vulnerabilities addressed, only three were not accompanied by any reward, because they were discovered by members of Google's Security Team or the Chromium development community.

Google also notes that some security researchers who qualify for a reward can't or don't want to receive it. In such cases the money gets donated to a charity organization of their choosing or to the Red Cross, if they don't make any suggestion.

The latest version Google Chrome for Windows can be downloaded from here.

The latest version Google Chrome for Linux can be downloaded from here.

The latest version Google Chrome for Mac can be downloaded from here.

Comments