updated 10:25 am EST, Wed March 7, 2012
Google rewards researchers for exposing flaws
Just in time for the CanSecWest security conference, Google has announced it has handed out $47,500 in rewards to users who identified bugs in its Chrome browser. There were 14 bugs fixed, with three users getting $10,000 each for their contributions. The vulnerabilities were addressed in a March 4 update to the browser, though the release was suspended due to a small issue.
The Chrome Stable channel update is dubbed 17.0.963.65 and is for Windows, Mac, Linux, and Chrome Frame platforms. It addresses cursors and backgrounds occasionally not loading, plug-ins not loading on some pages, a text paste issue that contains trailing spaces, and websites that rely on touch controls breaking sometimes. The update also has an updated Adobe Flash player.
Google has often touted that Chrome has yet to be successfully breached in an attack owing to its tight security policies. Chrome sandboxes each tab as well as plugins, preventing Flash or a rogue page from compromising either the wider browser or the entire operating system. Other browsers like Safari now do at least limited sandboxing, though it's usually focused on plugins and less on the overall browser.