Typical of a software product that is never perfect out of the box, Chrome 16 gets a new set of security related bug fixes to address known vulnerabilities disclosed last Monday. Google made the announcement yesterday and further disclosed that a fifth of these vulnerabilities had already been patched two weeks earlier.
This recent bug fix on the new Chrome 16 is the second security update released this month. Among the five security bugs that Google had earlier squashed was one already fixed in the January 9 update. Anthony Laforge, a program manager for Chrome, said in his blog post that the discovered flaw has been patched two weeks ago but got “ accidentally excluded from the release notes” on its Jan 9 update.
At the time of their discovery, the fifth bug was considered the most serious among the five, earning a “critical” ranking which is Google’s highest threat level. According to bug trail of the open source team Chromium that codes the browser, the bug causes Chrome 16 to crash whenever users see its warning against a malicious site and when refreshing the page.
The vulnerability was reported last December by researcher Chamal de Silva who was awarded $3,133, the highest bounty from Google and the third time such an amount has been awarded since June 2011. It will be recalled than a year earlier, Google raised its highest bug discovery bounty from its $1,337 level to the current $3,133 in response to archrival Mozilla upping a similar bounty to $3,000.
The two other guys who reported three of the other vulnerabilities got $3,000 in total bounties as each bug was only rated as “high” level threat. The search engine leader has paid out more than $8,000 in bounties since the start of the year to independent researchers filing valid bug discoveries. Last year it paid a total of $180,000 in bounties.
According to Net Application, a web metrics company, Chrome last December narrowly surpassed Mozilla’s Firefox for the number 2 spot as it reached 19.1% browser usage. If the trend continues, Chrome will breach the 20% point late this month or early next. The current stable version is Chrome 16 which is freeware downloadable from Google’s site.
