This week Google released the newest version of the Google Chrome web browser, with fixes for memory corruption, address bar spoofing and browser crashes. Google turned to the best digital bounty hunters on the web to help find what needed fixing, and the group did not disappoint; the cost of the fixes came to a cool $10,000.
The bugs the bounty hunters found in the Chrome browser, with the corresponding bounties, include:
- [$500] High Memory corruption with SVGs. Credit to wushi of team509.
- [$500] High Bad cast with text editing. Credit to wushi of team509.
- [$1000] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
- [$2000] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
- [$1337] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
- [$1000] High Memory corruption with Ruby support. Credit to kuzzcc.
- [$1000] High Memory corruption with Geolocation support. Credit to kuzzcc.
Unlike Google and Mozilla, which pay bounty hunters to examine their products for bugs that need fixing, Microsoft has announced that it has no plans to ever pay hackers for finding bugs. The patches for the Chrome browser have been listed as “critical” and needed attention in short order. In addition to the fixes listed, a workaround was also issued for an external Windows kernel bug.
Updates for the Chrome browser are available for Windows, Mac and Linux. The new Chrome version is listed as 5.0.375.127 and can be downloaded from your browser or here.