Google Chrome 16 released, $6,000 issued for bug bounties

Google patched 15 vulnerabilities in Chrome on Tuesday, paying $6,000 in bounties to bug hunters who reported some of them, and updated the browser to version 16.

The one new feature in the upgrade that Google called out wasmulti-user synchronization of bookmarks, passwords and apps.

Google last refreshed Chrome seven weeks ago on Oct 25.Google producesan update to its “stable” channel about every six to eight weeks, aslightly more flexible schedule than rival Mozilla’s every-six-weekpace.

Six of the 15 vulnerabilities patched Tuesday were rated “high,” thesecond-most-serious ranking in Google’s system, while seven werelabeled “medium” and another two were tagged as “low.”

Google paid $6,000 in bounties, or less than a fourth ofwhat it laidout in October, to five researchers for reporting seven bugs. The eightother vulnerabilities were uncovered by members of Google’s ownsecurity team, developers who contribute to the open-source Chromiumproject — which feeds code to Chrome — or were ranked low and so noteligible for a bonus.

The company has paid just over $180,000 so far this year in bounties tooutside researchers.

Several of the bugs, including a pair attributed to independentresearcher Arthur Gerkis — who earned $2,000 for his work — werefound using Google’s memory error detection tool, AddressSanitizer.Released in June, AddressSanitizer can detect a variety of errors,including “use-after-free” memory management bugs like those reportedby Gerkis.

Four of the flaws were related to Google’s parsing of PDF documents –the browser includes a built-in PDF viewer, eliminating the need tolaunch Adobe’s free Reader application — while two others were foundin Chrome’s processing of SVG (scalar vector graphics) images.

Per its usual practice, Google blocked access to its bug trackingdatabase for all 15 vulnerabilities to prevent outsiders from obtainingdetails that could be used to craft exploits. Google typically opens upthe database weeks or even months later, after it’s sure a majority ofusers have had their browsers upgraded by Chrome’s silent updatingprocess.

Chrome set to surpass Firefox
Google usually includes only a handful of obvious changes in eachChrome upgrade, and held to that practice yesterday: The sole featureit touted was the option to add additional users to Chrome so thatseveral people could use the browser on a shared Mac or PC, but keeptheir synchronized content — bookmarks, passwords, installed apps, andmore — separate.

The multi-use sync debuted in early November in a beta of Chrome 16.

Chrome 16 can now separately sync bookmarks and passwords for severalpeople who share one computer.

According to Irish metrics company StatCounter, Chrome accounted fornearly 26% of all browsers used last month, enough to pass Firefox andtake second place behind Microsoft’s Internet Explorer (IE).

Another measurement firm, U.S.-based Net Applications, still had Chromebehind Firefox, but projections based on its data showed that Google’sbrowser would jump Mozilla’s no later than May 2012.

Chrome 16can be downloaded for Windows, Mac OS X and Linux from Google’s Website. Users already running the browser will be updated automaticallyvia the browser’s behind-the-scenes service.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs