Google Hardens Browser Ahead of Critical Hacker Test

Google is updating the stable version its Chrome Web browser for Window users this week, releasing version with at least eight patches for vulnerabilities that could have left users at risk of being exploited.

Security rating firm Secunia identified the vulnerabilities that Chrome is being updated for as “highly critical.” Google itself specifically identified five of the vulnerabilities with the rating of “high” — both the second-highest severity rating for each.

Google is not publicly providing any significant detail about its highly rated vulnerabilities other than to provide the names of the fixed issues.

“Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix,” Google wrote on the Chrome release blog.

The Chrome update comes at time when browser vendors are racing to fix vulnerabilities prior to the pwn2own hacking contest next week. Pwn2own occurs within the CanWestSec security conference in Vancouver, Canada, and provides participants with up to $100,000 of prize money for successfully exploiting technology. Part of the pwn2own contest involves a browser security event in which security experts aim to exploit browsers.

During the 2009 pwn2own event, all of the tested browsers, including Safari, Microsoft Internet Explorer and Mozilla Firefox, suffered exploits at the event.

WebKit and other Chrome vulnerabilities

One of the highly critical issues address in the new version of Chrome is titled “Integer overflows in WebKit JavaScript objects” and resulted from Google’s Security Award program, which pays researchers for responsibly reporting security issues to the company. Google paid a reward of $1,337 to security researcher Sergey Glazunov, the award’s winner, for reporting the WebKit flaw. Google first rewarded a research under the Chromium Security Award effort in February as part of the Chrome update.

WebKit is the core rendering engine used by both Chrome as well as Apple’s Safari Web browser. Safari was updated earlier this month to version 4.0.5, fixing 16 flaws in total, with nine fixes targeting a variety of security vulnerabilities in WebKit.

Unlike Apple, which provides industry-standard CVE (Common Vulnerabilities and Exposures) identifiers for its vulnerabilities, Google’s Chrome update does not, making it difficult to determine whether Google is fixing the same flaws fixed by Apple.

In addition to the WebKit flaw, Chrome provides other fixes for which Google paid out reward money — a memory error and a cross-origin bypass flaw.

Google has also updated the privacy features in Chrome to enable users more control over content settings such as cookies, images, JavaScript and plug-ins.

Sean Michael Kerner is a senior editor at, the news service of, the network for technology professionals.

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Related articles