Google Releases Vulnerability Fixes with Chrome 17.0.963.65

Monday, March 05, 2012


Google has released Chrome 17.0.963.65 for Windows, Macintosh, Linux and Google Chrome Frame, which provides fixes for multiple identified vulnerabilities that may have allowed for denial-of-service (DoS) attacks or the execution of malicious arbitrary code.

The Chrome 17.0.963.65 release also contains updates for the Adobe Flash player. Google also announced the awarding of bounties for the identification of several of the vulnerabilities, including:

  • [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
  • [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
  • [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.

"To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly," Google's Jason Kersey wrote.

The continued use of bug bounties as an incentive for security improvements has been a successful strategy for Google, and in this instance the company has awarded bonus payouts.

"We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community," Kersey stated.

More details on the Chrome release, as well as the bugs and bounties offered by Google, can be found here:

Source: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.