New Chrome fixes 50 security issues, bug hunter gets $30k
Having implemented 50 security fixes, the Google Chrome team has pushed out a new stable version of the popular browser.
The company hasn’t shared many bug details since it’s first waiting for the majority of users to implement the fixes, but has revealed that it has awarded $30000 to a researchers identified only as lokihardt@asrt for disclosing “a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.”
Other researchers have been awarded between $4,000 and $500 for a slew of high and medium severity bugs, and the Chrome security team has been commended for finding a wide range of flaws through internal audits, fuzzing and other initiatives.
Windows users have additional good news: Windows 64bit Chrome has gone “stable”.
“64-bit Chrome offers many benefits for speed, stability and security. Our measurements have shown that the native 64-bit version of Chrome has improved speed on many of our graphics and media benchmarks,” software engineer Will Harris shared in a blog post announcing the release.
“For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15% improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects.”
Users looking forward to using 64-bit Chrome must manually download the installer, and be aware that there is currently no 32-bit NPAPI plugin support.