ID: IRCNE2011081205
Date: 2011-08-03
According to “Computerworld”, Google patched 30 vulnerabilities in Chrome yesterday, paying out the third-highest bounty total ever for the bugs that outsiders filed with its security team.
The company packaged the patches with an update to Chrome 13, adding Instant Pages to the "stable" channel of the browser. The feature, which Google earlier tucked into Chrome 13 previews, proactively pre-loads some search results to speed up browsing.
Google last upgraded Chrome's stable build in early June. Like Mozilla, which this year shifted to a rapid-release schedule, Google produces an update about every six-to-eight weeks.
Fourteen of the 30 vulnerabilities patched today were rated "high," the second-most-serious ranking in Google's four-step scoring system, while nine were pegged "medium" and the remaining seven were labeled "low."
None of the flaws were ranked "critical," the category usually reserved for bugs that may allow an attacker to escape Chrome's anti-exploit sandbox.
Most of the vulnerabilities rated as a high threat -- nine of the 14 -- were identified as "use-after-free" bugs, a type of memory management flaw that can be exploited to inject attack code.
As it always does, Google locked down the Chrome bug-tracking database for the 30 vulnerabilities to prevent outsiders from obtaining details on the underlying flaws. The company bars the public from the database to give users time to update, sometimes waiting months before lifting the embargo.
Google also added several features to Chrome 13, with Instant Pages leading the list.
- 2