Google Chrome Updated for Six Security Flaws

Google is updating its Chrome browser for Windows, fixing six security flaws in the first update of the Chrome 4 stable Windows build since it debuted at the end of January.

The new Chrome release also marks the first time that Google has publicly stated that it has paid a security researcher for finding a flaw in Chrome.

Under Google's new bug bounty program -- the Chromium Security Award, which pays researchers for responsibly reporting security issues to the company -- researcher Timothy Morgan of Virtual Security Research reported an HTTP authentication flaw in Chrome, which Google rated as medium in severity.

For his efforts, Google awarded Morgan $500. However, according to Google Chrome Program Manager Anthony Laforge, Morgan donated the Google reward to the Haiti relief effort. Laforge noted in a blog post that Google then upped the donation to $1,337.

The Chrome update also tackles three vulnerabilities that Google has rated as high severity. Laforge described them as integer overflows in the V8 JavaScript engine, an error in processing the Ruby tag, and an integer overflow in deserializing a sandbox message.

Google has not provided much detail on the three vulnerabilities as of press time, noting in its advisory that, "the referenced bugs may be kept private until a majority of our users are up to date with the fix."

Unlike users of browsers from Mozilla, Apple and Microsoft, Google Chrome users do not need to manually update the browser themselves. Chrome has an auto-update mechanism that is supposed to keep Chrome users up-to-date. It's a mechanism that Google has said in the past keeps its users more up-to-date than those of rival browser vendors.

In May 2009, a Google-assisted study reported that Google's log files showed that 21 days after a Google Chrome release, 97 percent of users were updated to the latest version. Mozilla Firefox had 85 percent of users updated within 21 days. Apple's Safari had only 53 percent of users updated.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.