Google Updates Chrome Ahead of PWN2OWN

Google is out with an update for its Chrome Web browser with fixes for at least 19 security issues.

The Chrome 9.0.597.107 update comes barely a month after Chrome 9.0.597.94 was released with five security fixes. Chrome 9 is still a relatively new, stable browser having only been officially released at the beginning of February.

Of the 19 vulnerabilities fixed in Chrome 9.0.597.107, Google has rated 15 of them as having high impact. Google is also paying out $14,000 in security awards to the researchers that discovered the high impact vulnerabilities.

The security awards are part of the Chromium Security Award Program, which was officially launched in January of 2010. With the Chrome 9.0.597.107, Google has now paid out a total of $100,000 to security researchers as part of the program. Google is not alone in paying security researchers for flaws as Mozilla rewards researchers for security flaws as well.

Among the high impact flaws fixed in Chrome 9.0.597.107 are a number of stale pointer flaws that could potentially lead to a browser being exploited. The stale pointer flaws include elements that affect the stylesheet node, keyframe rule, table rendering, SVG animations, device orientation and layout.

Crash fixes also make up a good number of the fixed flaws. Crashes stemming from JavaScript dialogs, forms controls, SVG rendering and test area handling have been fixed in Chrome 9.0.597.107.

Chrome 9.0.597.107 also addresses a URL bar spoofing issue that potentially could lead to a phishing attack.

The latest Chrome update comes a week before Google’s browser is set to face a critical test at the PWN2OWN browser hacking contest. The PWN2OWN contest, which is sponsored by HP TippingPoint, challenges security researchers to find flaws in browsers during a live event. HP TippingPoint pays researchers for the flaws they find and keeps the vulnerabilities under wraps until the browser vendors are able to issue a patch. Normally it’s just HP TippingPoint that offers rewards to researchers, but Google is jumping into the fray this year.

Google is set to award $20,000 to the security research that is able to successfully demonstrate a security flaw in Chrome.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.

Sean Michael Kerner
Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Top Endpoint Detection & Response (EDR) Solutions for 2021

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top Next-Generation Firewall (NGFW) Vendors

Cybersecurity is getting more complicated, and so are security products. NGFWs are no exception, and IoT devices and the work-from-home craze that began in...

Related articles