Google patches 11 Chrome security problems
Two critical security issues in Google's browser produce bounties of $1,337 apiece for the discoverers.
- Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Google patched 11 vulnerabilities--three critical, seven high-risk, and one medium--in a new version of Chrome released Thursday.
All but one of the problems was in Chrome itself. The additional issue handled in Chrome 5.0.375.127 (Windows | Mac | Linux) is a workaround for a critical Windows kernel bug, according to a blog post Thursday by Jason Kersey of the Chrome team.
Chrome has an automated update process that periodically checks for updates, downloads new versions, and installs them when a person restarts the browser. For a quicker update, people can follow Google's instructions to check for and install a Chrome update.
The critical Windows kernel bug and the two other critical problems each merited bounty payments of $1,337 for the discoverers. Although Google has added an "e-leet" payment option of $3,133.70 for very severe problems, it hasn't awarded any bounties that high so far.
The program has been lucrative for Sergey Glazunov, whom Google credited for discovering two of the critical and two of the high vulnerabilities that were patched Thursday. Glazunov, who also won the first $1,337-level bounty, is the clear leader so far in the Chrome security hall of fame and has earned a total of $8,011 in the program.
Clarification at 8:45 a.m. PDT: The number of vulnerabilities was increased by one, based on an interpretation of a fix that was tied to two bugs.