Google fixes 20 flaws with latest version of Chrome browser

Google is doling out $10,500 in bug bounties to seven researchers for help finding and plugging Chrome flaws

The 20 flaws being fixed include one critical flaw – a race condition after crash of utility process – and six high-risk vulnerabilities, according to the Chrome release announcement.

Google is doling out $10,500 in bug bounties to seven researchers for help finding and plugging Chrome flaws. A top award of $3133.70 was given to Aki Helin of Oulu University Secure Programming Group (OUSPG). Other researchers receiving awards include miaubiz, Drew Yao and Braden Thomas of Apple, Slawomir Blazek, and Chamal de Silva and Atte Kettunen of OUSPG.

Chrome 17 includes a new security feature to check for malicious downloads. “In addition to checking a list of known bad files, Chrome also does checks on executable files (like ‘.exe’ and ‘.msi’ files). If the executable doesn't match a whitelist, Chrome checks with Google for more information, such as whether the website you're accessing hosts a high number of malicious downloads”, explained Noe Lutz, software engineer with Google.

In addition, Google announced that it would no longer check online for revoked SSL certificates because of the unreliability of the process. "An attacker who can intercept HTTPS connections can also make online revocation checks appear to fail and so bypass the revocation checks," Google security engineer Adam Langley said in a blog post.
 
