Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Releases Chrome 6, Pays $4337 In Bounties

Posted by timothy on from the working-in-the-background dept.

Trailrunner7 writes "Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome. Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team." (Read on for more, below.) Also on the Chrome front, morsch writes "Chrome 7 for Linux is planned to tie in with the Gnome Keyring and the KDE Wallet to securely store saved browser passwords. Users of the stable version of Google's Webkit-based browser might be surprised to find out that, so far, passwords are stored on the hard disk as clear text. On Windows, Chrome has always used a platform-specific crypto API call for encrypted storage. The corresponding Linux function was never implemented — until now. Unstable versions of Chrome 7 still disable the feature by default; it can be enabled using a parameter."

4 of 177 comments (clear)

  1. Re:Where's the love for the Mac passwords? by Netshroud · · Score: 4, Informative

    Chrome already uses the Keyring... at least it does for me.

  2. Re:Version bloat by rezonat0r · · Score: 4, Informative

    I'm guessing you missed their highly re-reported blog post regarding the new release schedule.

  3. Re:Print Preview? by Anonymous Coward · · Score: 5, Informative

    no, no and yes

  4. Re:$4,337 from a multi-billion dollar company? by LingNoi · · Score: 4, Informative

    Since you're not going to RTFA or even the summary i'll repost it here..

    includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team.

    The new release of Chrome also fixes an older bug, a Windows kernel flaw, that Google had thought it fixed in a previous version.The highest bug bounty, $1337, was paid for an integer error in WebSockets found by Keith Campbell. A second high-priority flaw, a sandbox parameter deserialization error, was discovered by two members of Adobe's Reader Sandbox Team.