Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Releases Chrome 6, Pays $4337 In Bounties

Posted by timothy on from the working-in-the-background dept.

Trailrunner7 writes "Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome. Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team." (Read on for more, below.) Also on the Chrome front, morsch writes "Chrome 7 for Linux is planned to tie in with the Gnome Keyring and the KDE Wallet to securely store saved browser passwords. Users of the stable version of Google's Webkit-based browser might be surprised to find out that, so far, passwords are stored on the hard disk as clear text. On Windows, Chrome has always used a platform-specific crypto API call for encrypted storage. The corresponding Linux function was never implemented — until now. Unstable versions of Chrome 7 still disable the feature by default; it can be enabled using a parameter."

9 of 177 comments (clear)

  1. $4337 in bounties? by Anonymous Coward · · Score: 1, Interesting

    $ 4337 in bounties? So thats one real hard bug $ l337 and $ 3000 worth of bugs that the skript-kiddies could have got.

  2. Print Preview? by bunratty · · Score: 1, Interesting

    Does Chrome 6 have print preview? Can you open files with helper applications without having to delete them manually later? Do Flash videos play the audio correctly?

    --
    What a fool believes, he sees, no wise man has the power to reason away.
    1. Re:Print Preview? by Urza9814 · · Score: 3, Interesting

      Uhh...my Chromium 5 for Linux has print preview and proper flash support. And the same file download behavior as browsers like Firefox - I open a file the browser doesn't handle, it downloads to the folder I've specified for downloads. How is that a problem? As I said, it's the same thing Mozilla does. I don't _want_ a browser to just start deleting my downloads on it's own. If I tell it 'yes, download this file', that file should stay where it is until I decide to delete it.

  3. Version bloat by R.Mo_Robert · · Score: 2, Interesting

    Any reasion for the version-number bloat? I mean, I guess it looks a bit cooler next to IE 8, but I don't really think people are that naive.

    --
    R.Mo
  4. Comment removed by account_deleted · · Score: 2, Interesting

    Comment removed based on user account deletion

  5. Re:$4,337 from a multi-billion dollar company? by Kristopeit,+M.+D. · · Score: 1, Interesting

    yeah, and why aren't they charging us for chrome? stupid billionaires.

  6. Linux Logins by idcard_1 · · Score: 5, Interesting

    FYI your linux logins on Ubuntu are stored in this file: /home/username/.config/google-chrome/Default/Login\ Data just do "strings Login\ Data" and you have those passwords. :(

  7. Re:Crazy Article by n0-0p · · Score: 2, Interesting

    FWIW, they thanked members of the Chrome team a few months ago when they announced sandboxing support in an upcoming version of Acrobat Reader.

  8. Implement your own secure storage strategy by nick1000 · · Score: 2, Interesting

    As a Linux application developer who has used keyring/kwallet for saving secure passwords in the past. I'd recommend not to use them.

    Various different distributions have different versions of the these utilities and their libraries. There are so many variations that it becomes hard to support all versions. Most desktop linux end users have never used them and when they see a warning window popping up (which these utilities tend to show). They cancel the window rather than going through the authentication process.

    Just my 2 cents.