ONLY THREE DAYS after issuing an emergency update in response to a Microsoft Security Essentials false positive that had flagged chrome.exe as malware, Google has released another stable version of its Chrome browser, this time addressing a number of security vulnerabilities.
Chrome 14.0.835.202 contains the much anticipated and hardware accelerated Flash Player 11, as well as important security and stability patches.
Regular Chrome security contributors Sergey Glazunov, the leader of Chrome's security hall of fame, and miaubiz earned all of the bounty money Google awarded for this release.
Glazunov took home a total of $8,000: $1,500 for finding memory corruption in v8 hidden objects, $2,000 for an inappropriate cross-origin access condition involving the window prototype, and $4,500 for three use-after-free vulnerabilities in v8 bindings.
Meanwhile, miaubiz reported an issue involving a stale font in SVG text handling and a use-after-free flaw in text line box processing and earned $1,000 for each.
Another high-severity vulnerability, lifetime and threading issues in audio node handling, was discovered by Inferno of Google Chrome's own security team; as a Google employee he was not eligible for a reward.
However, the most important flaw patched in this release was found by Zhenyao Mo of the Chromium development community and is rated critical, a severity rating rarely seen in Chrome advisories because it is reserved for bugs that could let an attacker run code outside the renderer sandbox. The vulnerability could lead to an exploitable memory corruption in the shader translator.
The Chromium security reward programme is a good example of how software companies can successfully engage security researchers and motivate them to audit their products. Google has paid well over $100,000 through the programme since launching it in January 2010, a very small sum compared to what it would have paid consultancies for security audits to find the same number of bugs.