Some software vendors prefer to deliver security updates on a scheduled basis: Microsoft’s monthly “Patch Tuesday” is perhaps the best-known example of that approach. But Google takes a different road with its Chrome browser, opting instead to roll out updates on a rapid and ongoing basis.
Google is now updating Chrome 17, just one week after the browser was first released as a stable product. Last week’s Chrome 17 stable release included at least 20 fixes for security vulnerabilities. This week’s Chrome 17.0.963.56 release fixes 13 additional flaws that have bubbled to the surface in the last week.
Seven of the flaws fixed in Chrome 17.0.963.56 are rated as high severity by Google. One of these flaws is an integer overflow issue in the libpng graphics library. Google is awarding security researcher Juri Aedla a “leet” award of $1,337 for the discovery.
Aedla isn’t the only security researcher who is profiting from the Chrome 17.0.963.56 release. In total, Google is awarding researchers $6,837 as part of this update. The Chromium Rewards Program, under which Google pays security researchers for discoveries, was first introduced in November of 2010. Since then, Google has paid researchers over $410,000 in rewards for flaw discoveries.