Google patches 11 Chrome security problems

Two critical security issues in Google's browser produce bounties of $1,337 apiece for the discoverers.

Google patched 11 vulnerabilities--three critical, seven high-risk, and one medium--in a new version of Chrome released Thursday.

All but one of the problems was in Chrome itself. The additional issue handled in Chrome 5.0.375.127 (Windows | Mac | Linux) is a workaround for a critical Windows kernel bug, according to a blog post Thursday by Jason Kersey of the Chrome team.

Chrome has an automated update process that periodically checks for updates, downloads new versions, and installs them when a person restarts the browser. For a quicker update, people can follow Google's instructions to check for and install a Chrome update.

The critical Windows kernel bug and the two other critical problems each merited bounty payments of $1,337 for the discoverers. Although Google has added an "e-leet" payment option of $3,133.70 for very severe problems, it hasn't awarded any bounties that high so far.

The program has been lucrative for Sergey Glazunov, whom Google credited for discovering two of the critical and two of the high vulnerabilities that were patched Thursday. Glazunov, who also won the first $1,337-level bounty, is the clear leader so far in the Chrome security hall of fame and has earned a total of $8,011 in the program.

Clarification at 8:45 a.m. PDT: The number of vulnerabilities was increased by one, based on an interpretation of a fix that was tied to two bugs.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

As Xbox One gets a little sweeter, HoloLens gets Xbox Live

Microsoft announces new features coming to Xbox One, including the ability to record TV shows. Also, the company opens up Xbox Live to HoloLens programmers.

by Bridget Carey