Establishing Digital Trust: Don't Sacrifice Security for Convenience
Google is out with the latest security patch update for its Chrome Web browser. Chrome stable 13.0.782.215 fixes at least 11 security flaws across Windows, Mac and Linux versions of the browser.
Among the 11 flaws is one that Google has rated as being Critical, which is a rarely given classification by Google. The critical flaw is officially titled, "Memory corruption in vertex handling". A vertex is a type of graphical shape that Chrome is able to render. The vertex flaw only affects Windows versions of Chrome.
The vertex handling flaw was discovered by security researcher Michael Braithwaite of Turbulenz Limited. For his efforts, Google is awarding Braithwaite $1,337 as a Chromium Security Award. The security award program started back in 2010 with the Chrome 184.108.40.206 release.
The $1,337 award is actually the second highest award that Google gives to security researchers. There is also the 'elite' flaw for which Google will pay $3,133.70.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
In total for the Chrome 13.0.782.215 release, Google is paying securing researchers $8,837 in security awards. In addition to the critical flaw fixed in Chrome 13.0.782.215, there are also nine flaws that Google has rated as being high impact.
For Chrome's Linux users there is also a high impact flaw in the integrated PDF reader. Google identifies the flaw as a buggy memset() function. The memset function initializes a block of memory for use.
While Google is patching Chrome 13, development on Chrome 14 and 15 continues to move forward. Chrome 14 will include Google's implementation for running native code on the browser.