Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Pushes New Chrome Release, Pays $14k Bounty

Posted by timothy on from the return-on-investment dept.

Trailrunner7 writes "Google has released version 8.0.552.237 of its Chrome browser, which includes fixes for 16 security vulnerabilities. The company also paid out more than $14,000 in bug bounties for the flaws fixed in this release, including the first maximum reward of $3133.7. The new version of Google Chrome has fixes for 13 high-priority bugs, but the most serious vulnerability the company repaired in the browser is a critical flaw resulting from a stale pointer in the speech handling component of Chrome. That flaw, along with four others, was discovered by researcher Sergey Glazunov, who earned a total of more than $7,000 in rewards for the bugs he reported to Google."

8 of 182 comments (clear)

  1. New business model: by Fluffeh · · Score: 5, Insightful

    1) Convince Microsoft to adopt similar bug strategy.
    2) Start using software as it was designed to be used...
    3) PROFIT!!

    Yes, that's right. No step 4.

    *sips coffee*

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
  2. Google won this round... by NFN_NLN · · Score: 4, Insightful

    14K sounds like a pretty good deal for Google. That's less than 2 months of salary for even an intermediate tester.

  3. I'll be filing a bug report soon by 93+Escort+Wagon · · Score: 5, Funny

    I've heard that h.264 support is broken in an upcoming release.

    --
    #DeleteChrome
  4. One of the best things about Chrome ... by Wrath0fb0b · · Score: 4, Interesting

    Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%). Why can't other applications just keep themselves up to date automatically in that way? It's obviously not technologically impossible, we've seen it happen. Even Windows Update is vaguely alright in this respect once you disable the restart-nagging. Debian systems do fine after a simple 'apt-get update && apt-get upgrade -y' in the root crontab although the GUI will occasionally pester you.

    Firefox has to be the worst offender in this respect, both in terms of actual software upgrades that block the UI and then add-ons that also block the main UI and then spawn a silly splash to inform you of the amazing upgrade rfom 2.1.6 to 2.1.6(b). Unless it requires a change in the terms of the license or more permissions (Android does this nicely), I don't care and I definitely don't need to be interrupted to see it.

    Another free tip for the Mozilla team -- when I open an application is not the time to install any updates. In fact, that is the only time you can be nearly guaranteed that I want to use the application right this second. Schedule updates for when I close the app because it's pretty damn likely I don't need to use it for a few minutes.

    Apple could learn the same thing about their infernal updates too, plus an extra special place in hell for pimping their other software at the same time. I still get calls from my parents "Do I need Safari?", hmm, no just upgrade iTunes when it asks you to. "What about quicktime?". Gah.

     

    1. Re:One of the best things about Chrome ... by BZ · · Score: 4, Informative

      > Schedule updates for when I close the app because it's pretty damn likely I don't need to
      > use it for a few minutes.

      It's not that simple. When you close the app in the case of a web browser, you're most likely shutting your machine down; you don't want to do the update then.

      The only sane way to do it is what Google does: actually replace the binaries in-place as the program runs... We're working on getting there. :)

    2. Re:One of the best things about Chrome ... by mysidia · · Score: 5, Informative

      Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%).

      Hm.. that idea wouldn't work on any systems I setup.

      Software restriction policy all systems, Policy default: deny.

      Programs can be executed from the default allowed directories. %programfiles% , %systemroot%\system32, etc, and some designated paths for placing executables in manually, in order to install them.

      User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder (Especially not in any folder used as a default download directory for saving files or temporary directory used by a mail application for opening attachments in a viewer). Contents of appdata is a data folder, and all of a user's profile are data folders, not program folders.

  5. Re:interesting by biryokumaru · · Score: 4, Funny

    My Chrome goes to 11.

    --
    When you're afraid to download music illegally in your own home, then the terrorists have won!
  6. Re:Wait a minute... by russotto · · Score: 4, Funny

    3,133.7?

    Looks suspiciously like 'leet to me.

    Way to spot 'em, Captain Obvious.