Google fixes 19 flaws in Chrome, pays researchers $14,000

The security update to Chrome 9.0.597.107 fixed 16 flaws rated as “high” – second to “critical” in terms of severity – and 3 flaws rated as “medium.”

The flaws involved several Chrome components, including WebGL, the hardware-accelerated 3D graphics API; scalable vector graphics (SVG) rendering and animation; and the browser's address bar.

Google locked its bug tracking database to prevent outsiders from viewing the technical details of the flaws, according to a report by Computerworld. Google blocks public access to flaws to give users time to update.

The security update comes a week before the Pwn2Own hacking contest being held at the CanSecWest security conference in Vancouver. Google is offering to pay $20,000 and provide a CR-48 notebook computer to anyone who can hack into Chrome at the contest.

To ensure that Chrome is hack-proof, Google last month fixed a critical flaw in Chrome involving a “race condition in audio handling” that was uncovered by the gamers of Reddit. That flaw could be exploited to bypass the Chrome sandbox, noted Vupen Security. Google also fixed eight other flaws at that time.
