Google doles out $10,000 in bounties for fixes in latest Chrome browser

Google gave out its highest ever single bounty award to researcher Sergey Glazunov for reporting a same origin bypass in v8, the JavaScript engine in Chrome.

“We’d also like to call particular attention to Sergey Glazunov’s $3133.7 reward. Although the linked bug is not of critical severity, it was accompanied by a beautiful chain of lesser severity bugs which demonstrated critical impact. It deserves a more detailed write-up at a later date”, Jason Kersey of Goggle said in the Chrome update notice.

In addition to the security fixes, the browser update added a malicious file download warning that alerts users if files are downloaded from malicious sites.

“Chrome now warns you before downloading some types of malicious files. We’ve carefully designed this feature so that malicious content can be detected without Chrome or Google ever having to know about the URLs you visit or the files you download”, Adrienne Walker, a software engineer at Google, said in a blog post.

In addition, the new Chrome browser gives users the ability to delete Adobe Flash Player’s local shared objects (LSOs), known as Flash cookies, from inside the Chrome control panel. Previously, users had to visit an Adobe website in order to delete the cookies. “We’ve worked closely with Adobe to integrate Flash LSO deletion directly into Chrome, making it easier for you to manage your online privacy”, Walker explained.

Chrome version 12 comes six weeks after version 11, part of Google's “release early, release often” strategy detailed in a July 22, 2010, blog post. The version 11 update fixed 25 security flaws in the Chrome browser.

What’s hot on Infosecurity Magazine?