The 13 flaws that were fixed in Chrome include issues with XPath handling, browser history, video indexing, and SVG animations. Four of the bugs were listed as “high” level, five were listed as “medium”, and four were listed as “low”.
For identifying the bugs, Google dished out $4000 in bounties to researchers. Since mid-August, Google has handed out more than $29 000 in bug bounties, according to Computerworld.
Google issued the “latest Stable release” of its Chrome 8 browser (8.0.552.215) with over 800 bugs fixed, stability improvements, and a built-in PDF viewer secured in Chrome’s sandbox; the PDF viewer is being offered as an alternative to the troublesome Adobe Reader.
Google announced a sandbox for Adobe’s PDF Reader earlier this year. A sandbox is a security measure to separate running programs; it provides a controlled set of resources and prevents applications from accessing protected resources.
Last month, Google announced a prototype sandbox for the Adobe Flash Player to reduce the risk of operating the software in the Chrome browser. Adobe is working on additional defenses for the Flash Player, such as JIT spraying mitigation, to protect end users. Adobe is also working with other browser vendors on sandbox approaches for Flash Player.