msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

16 May 12 Google Chrome 19 Debuts, With 20 Bug Patches


Google Drive: 10 Alternatives To See
(click image for larger view and for slideshow)
Google Tuesday released version 19 of its Chrome browser, which includes fixes for 20 vulnerabilities, as well as a new feature for sharing open tabs across different devices. But Google said the feature won’t be widely available for another few weeks.

The new version of Chrome is available for Windows, Mac, Linux, and Chrome Frame. All current Chrome installations should auto-update to the latest version over the next few days.

Google releases a new, stable version of Chrome about every six to eight weeks.

With the release of Chrome 19, Google also distributed $7,500 as part of its bug bounty program. None of the patched bugs were “critical,” meaning–per the Common Vulnerability Scoring System (CVSS)–that attackers could have potentially used them to remotely execute arbitrary code. However, eight of the vulnerabilities patched in the new version of Chrome are of “high” severity, seven are ranked as “medium,” and five are of “low” severity.

[ Read It's Browser Version Madness! ]

Six of the bugs were spotted by Google or the broader Chromium (Google Chrome OS) community. A low-risk, Windows-only “bad search path for Windows Media Player plug-in” bug was credited to Microsoft and Microsoft Vulnerability Research.

Full information about all of the bugs has yet to be released; Google typically waits to release detailed information until the majority of Chrome users have received related patches. But many of the patched bugs relate to memory errors in C/C++. Not coincidentally, Google said that a homegrown tool, AddressSanitizer, had been used by researchers to detect many of the patched vulnerabilities.

Unusually, Google also distributed an additional $9,000 in rewards to Aki Helin at the Oulu University Secure Programming Group in Finland, as well as Sławomir Błażek, Chamal de Silva, miaubiz, Arthur Gerkis, and Christian Holler “for working with us during the development cycle and preventing security regressions from ever reaching the stable channel.” All feature prominently in Google’s Security Hall of Fame, which lists researchers who have helped “make Chromium safer.”

Google software engineer and “tab-wrangling server jockey” Raz Mathias explained how Chrome’s new tab synchronization feature will work. “When you’re signed in to Chrome, your open tabs are synced across all your devices, so you can quickly access them from the ‘Other devices’ menu on the New Tab page,” he said in a blog post. “If you’ve got Chrome for Android Beta, you can open the same recipe tab right on your phone when you run out to the store for more ingredients. The back and forward buttons will even work, so you can pick up browsing right where you left off.”

Chrome isn’t the only browser now offering tab synchronization. Notably, Mozilla added tab synchronization to Firefox 4, which it released in 2010.

At this interactive Enterprise Mobility Virtual Event, experts and solution providers will offer detailed insight into how to bring some order to the mobile industry innovation chaos. When you register, you will gain access to live webcast presentations and virtual booths packed with free resources. It happens May 17.

Article source: http://www.informationweek.com/news/security/vulnerabilities/240000485

Tags: , , , , ,

10 Apr 12 Google Patches 12 Flaws in Chrome


Google has 12 vulnerabilities in Chrome, including seven high-risk flaws. The new release of Chrome also includes an updated version of the Adobe Flash player.

This is the second update for Chrome in the last few days from Google. The company updates its browser on a rolling basis, pushing out a new release whenever there’s sufficient volume of security issues to address or when there’s a high-priority vulnerability that warrants a quick fix. As part of its bug bounty program, Google paid out $6,000 in rewards to researchers who reported vulnerabilities to the company. Among the researchers who qualified this time around are Sergey Glazunov and Miaubiz, both of whom regularly get payouts from Google for their research.

The security fixes included in the latest Chrome release are:

[$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
[117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
[$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
[$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
[$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
[$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
[$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
[$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
[120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).

Commenting on this Article will be automatically closed on July 5, 2012.

Article source: http://threatpost.com/en_us/blogs/google-patches-12-flaws-chrome-040512

Tags: , , ,

06 Apr 12 Google Patches Chrome for Second Time in Eight Days


Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.

Most of the vulnerabilities — eight of the dozen — were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

One of the latter had been forwarded to Google by HP TippingPoint, which operates the Zero Day Initiative (ZDI) bug bounty program. Google does not pay bounties for vulnerabilities submitted to ZDI — it only rewards researchers who have not been otherwise compensated — a decision that has created friction between Google and ZDI in the past.

Among those who received checks were Arthur Gerkis and someone who goes by the nickname “miaubiz,” two of three researchers who were awarded special $10,000 bonuses a month ago for what Google called “sustained, extraordinary” contributions.

Miaubiz took home $4,500 for his work.

Sergey Glazunov, one of those who pocketed $60,000 at the Pwnium hacking challenge Google sponsored last month, reported two of the 12 vulnerabilities. Neither was significant enough to rate a bounty payment, however.

Google has paid more than $216,000 in bug bounties this year, including $120,000 it distributed during Pwnium.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM‘s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6% of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3% since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/253351/google_patches_chrome_for_second_time_in_eight_days.html

Tags: , , , , ,

06 Apr 12 Google Patches Chrome for Second Time in Eight Days


Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.

Most of the vulnerabilities — eight of the dozen — were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

One of the latter had been forwarded to Google by HP TippingPoint, which operates the Zero Day Initiative (ZDI) bug bounty program. Google does not pay bounties for vulnerabilities submitted to ZDI — it only rewards researchers who have not been otherwise compensated — a decision that has created friction between Google and ZDI in the past.

Among those who received checks were Arthur Gerkis and someone who goes by the nickname “miaubiz,” two of three researchers who were awarded special $10,000 bonuses a month ago for what Google called “sustained, extraordinary” contributions.

Miaubiz took home $4,500 for his work.

Sergey Glazunov, one of those who pocketed $60,000 at the Pwnium hacking challenge Google sponsored last month, reported two of the 12 vulnerabilities. Neither was significant enough to rate a bounty payment, however.

Google has paid more than $216,000 in bug bounties this year, including $120,000 it distributed during Pwnium.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM‘s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6% of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3% since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about browsers in Computerworld’s Browsers Topic Center.

Article source: http://www.pcworld.com/article/253351/google_patches_chrome_for_second_time_in_eight_days.html

Tags: , , , , ,

24 Mar 12 Google patches 9 Chrome bugs, pays more to top researchers


Computerworld - Google yesterday patched nine vulnerabilities in Chrome in the sixth security update to Chrome 17, the edition that launched Feb. 8.

Wednesday’s update was the first since the Chrome security team issued a pair of quick fixes during the “Pwnium” hacking event held March 7-9 at the CanSecWest security conference.

Six of the nine bugs patched Wednesday were rated “high,” the second-most dire ranking in Google’s threat system. One was marked “medium,” and the remaining two were labeled “low.”

Google paid $5,500 in bounties to four researchers for reporting five bugs. The four other vulnerabilities were uncovered by members of Google’s own security team or were too minor to be eligible for a bonus.

Three of the four researchers who reported flaws fixed in Chrome 17 yesterday have been recently recognized by Google.

Sergey Glazunov, who received a $2,000 bounty for submitting a bug described by Google as “cross-origin violation with ‘magic iframe,’” was one of two $60,000 prize winners at Pwnium earlier this month.

Glazunov was the first to claim cash at Pwnium, the Chrome-only hacking challenge that Google created after it withdrew from the long-running Pwn2Own contest over objections about the latter’s exploit reporting practices.

Two others, Arthur Gerkis and a researcher known as “miaubiz,” received $1,000 and $2,000, respectively, for bugs that Google patched yesterday.

Gerkis and miaubiz were two of the three outside bug hunters who were given special $10,000 bonuses three weeks ago for what Google called “sustained, extraordinary” contributions to its vulnerability reporting program.

So far this year, Google has paid nearly $200,000 to outside researchers through its bug bounty and Pwnium programs.

Google will not be patching a Chrome bug revealed in “Pwn2Own,” the other hacking contest that ran at CanSecWest.

At Pwn2Own, a team from the French security firm Vupen exploited Chrome by using a one-two punch of a bug in Flash Player — which Google bundles with its browser — and a Chrome “sandbox escape” vulnerability.

Because Pwn2Own sponsor HP TippingPoint’s Zero Day Initiative (ZDI) bug bounty program does not require researchers to disclose sandbox escape vulnerabilities, Google was not told how the Vupen team hacked Chrome.

Yesterday’s update to Chrome 17 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will receive the new version automatically through its silent, in-the-background update service.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

More: Browser Topic Center

Read more about Security in Computerworld’s Security Topic Center.

Article source: http://www.computerworld.com/s/article/9225441/Google_patches_9_Chrome_bugs_pays_more_to_top_researchers

Tags: , , ,

24 Mar 12 Google patches 9 Chrome bugs, pays more to top researchers


Google yesterday patched nine vulnerabilities in Chrome in the sixth security update to Chrome 17, the edition that launched Feb. 8.

Wednesday’s update was the first since the Chrome security team issued a pair of quick fixes during the “Pwnium” hacking event held March 7-9 at the CanSecWest security conference.

Six of the nine bugs patched Wednesday were rated “high,” the second-most dire ranking in Google’s threat system. One was marked “medium,” and the remaining two were labeled “low.”

Google paid $5,500 in bounties to four researchers for reporting five bugs. The four other vulnerabilities were uncovered by members of Google’s own security team or were too minor to be eligible for a bonus.

Three of the four researchers who reported flaws fixed in Chrome 17 yesterday have been recently recognized by Google.

Sergey Glazunov, who received a $2,000 bounty for submitting a bug described by Google as “cross-origin violation with ‘magic iframe,’” was one of two $60,000 prize winners at Pwnium earlier this month.

Glazunov was the first to claim cash at Pwnium , the Chrome-only hacking challenge that Google created after it withdrew from the long-running Pwn2Own contest over objections about the latter’s exploit reporting practices.

Two others, Arthur Gerkis and a researcher known as “miaubiz,” received $1,000 and $2,000, respectively, for bugs that Google patched yesterday.

Gerkis and miaubiz were two of the three outside bug hunters who were given special $10,000 bonuses three weeks ago for what Google called “sustained, extraordinary” contributions to its vulnerability reporting program.

So far this year, Google has paid nearly $200,000 to outside researchers through its bug bounty and Pwnium programs.

Google will not be patching a Chrome bug revealed in “Pwn2Own,” the other hacking contest that ran at CanSecWest.

At Pwn2Own, a team from the French security firm Vupen exploited Chrome by using a one-two punch of a bug in Flash Player — which Google bundles with its browser — and a Chrome “sandbox escape” vulnerability.

Because Pwn2Own sponsor HP TippingPoint’s Zero Day Initiative (ZDI) bug bounty program does not require researchers to disclose sandbox escape vulnerabilities, Google was not told how the Vupen team hacked Chrome.

Yesterday’s update to Chrome 17 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will receive the new version automatically through its silent, in-the-background update service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg’s RSS feed . His email address is gkeizer@computerworld.com .

See more by Gregg Keizer on Computerworld.com .

Read more about security in Computerworld’s Security Topic Center.

Article source: http://www.itworld.com/security/261172/google-patches-9-chrome-bugs-pays-more-top-researchers

Tags: , , ,

22 Mar 12 Google patches 9 Chrome bugs, pays more to top researchers


Computerworld - Google yesterday patched nine vulnerabilities in Chrome in the sixth security update to Chrome 17, the edition that launched Feb. 8.

Wednesday’s update was the first since the Chrome security team issued a pair of quick fixes during the “Pwnium” hacking event held March 7-9 at the CanSecWest security conference.

Six of the nine bugs patched Wednesday were rated “high,” the second-most dire ranking in Google’s threat system. One was marked “medium,” and the remaining two were labeled “low.”

Google paid $5,500 in bounties to four researchers for reporting five bugs. The four other vulnerabilities were uncovered by members of Google’s own security team or were too minor to be eligible for a bonus.

Three of the four researchers who reported flaws fixed in Chrome 17 yesterday have been recently recognized by Google.

Sergey Glazunov, who received a $2,000 bounty for submitting a bug described by Google as “cross-origin violation with ‘magic iframe,’” was one of two $60,000 prize winners at Pwnium earlier this month.

Glazunov was the first to claim cash at Pwnium, the Chrome-only hacking challenge that Google created after it withdrew from the long-running Pwn2Own contest over objections about the latter’s exploit reporting practices.

Two others, Arthur Gerkis and a researcher known as “miaubiz,” received $1,000 and $2,000, respectively, for bugs that Google patched yesterday.

Gerkis and miaubiz were two of the three outside bug hunters who were given special $10,000 bonuses three weeks ago for what Google called “sustained, extraordinary” contributions to its vulnerability reporting program.

So far this year, Google has paid nearly $200,000 to outside researchers through its bug bounty and Pwnium programs.

Google will not be patching a Chrome bug revealed in “Pwn2Own,” the other hacking contest that ran at CanSecWest.

At Pwn2Own, a team from the French security firm Vupen exploited Chrome by using a one-two punch of a bug in Flash Player — which Google bundles with its browser — and a Chrome “sandbox escape” vulnerability.

Because Pwn2Own sponsor HP TippingPoint’s Zero Day Initiative (ZDI) bug bounty program does not require researchers to disclose sandbox escape vulnerabilities, Google was not told how the Vupen team hacked Chrome.

Yesterday’s update to Chrome 17 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will receive the new version automatically through its silent, in-the-background update service.

covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter @gkeizer, on Google+ or subscribe to Gregg’s RSS feed Keizer RSS. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

More: Browser Topic Center

Read more about Security in Computerworld’s Security Topic Center.

Article source: http://www.computerworld.com/s/article/9225441/Google_patches_9_Chrome_bugs_pays_more_to_top_researchers

Tags: , , ,

06 Mar 12 Google patches 14 Chrome bugs, pays $47k in bounties


Google has patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for “sustained, extraordinary” contributions to its bug-reporting program.

The record checks were cut just two days before Google will put up to $1 million on the line at CanSecWest, a security conference set to kick off Tuesday and run through Thursday.


Sunday’s security update to Chrome 17 was the second for that version since it launched Feb. 8.

All 14 of the vulnerabilities patched yesterday were labeled “high,” Google’s second-most-serious threat ranking.

Ten of the bugs were tagged as “use-after-free” memory management vulnerabilities, a common type of bug reported by researchers, who continue to use Google’s own memory error detection tool, AddressSanitizer, to sniff out flaws.

While the 14 bugs reported by four outside researchers earned them $17,500 in bounty payments, Google also rewarded three of them with surprise bonuses of $10,000 each for what it said was “sustained, extraordinary” work.

The three bonuses went to researchers Aki Helin and Arthur Gerkis, and to someone identified as “miaubiz.” All three reported vulnerabilities that Google patched Sunday.

They also have been among the most prolific researchers for Google.

In 2011, for example, miaubiz earned more than $40,000 in bounties, while Helin took home $7,500 and Gerkis received $4,000.

“To determine the [$10,000] rewards, we looked at bug finding performance over the past few months,” said Jason Kersey, a Chrome program manager, in a Sunday blog . “We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. We reserve the right to do so again and reserve the right to do so on a more regular basis!”

So far this year, Google has paid nearly $73,000 to outside researchers.

It could lay out a lot more than that this week at CanSecWest, the Vancouver, British Columbia, security conference that opens tomorrow.

Last week, Google withdrew its sponsorship of the annual Pwn2Own hacking contest at CanSecWest, and instead said it would offer up to $1 million in cash prizes to researchers who demonstrate exploits of unknown Chrome vulnerabilities.

Google will pay $60,000 for what it called a “full Chrome exploit” — one that successfully hacks Chrome on Windows 7 using only vulnerabilities in Chrome itself — $40,000 for every partial exploit that uses one bug within Chrome and one or more in other software, and $20,000 for “consolation” exploits that hack Chrome without using any vulnerabilities in the browser.

The company has promised to pay out as much as $1 million, assuming it has that many takers.

Also included with Sunday’s Chrome 17 was an update to Adobe Flash Player. Google again beat Adobe to the punch on delivering a Flash upgrade; Adobe is issuing a security update today that fixes two critical flaws in the popular media software.

Adobe credited two members of Google’s security team, Tavis Ormandy and Fermin Serna, with reporting the Flash bugs.

Sunday’s update to Chrome 17 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will be updated automatically through its silent service.

Article source: http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3342258

Tags: , , ,

06 Mar 12 Google patches 14 Chrome bugs, pays record $47K in bounties and bonuses


Google yesterday patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including
$30,000 for “sustained, extraordinary” contributions to its bug-reporting program.

The record checks were cut just two days before Google will put up to $1 million on the line at CanSecWest, a security conference
set to kick off Tuesday and run through Thursday.

Sunday’s security update to Chrome 17 was the second for that version since it launched Feb. 8 .

All 14 of the vulnerabilities patched yesterday were labeled “high,” Google’s second-most-serious threat ranking.

Ten of the bugs were tagged as “use-after-free” memory management vulnerabilities, a common type of bug reported by researchers,
who continue to use Google’s own memory error detection tool, AddressSanitizer, to sniff out flaws.

While the 14 bugs reported by four outside researchers earned them $17,500 in bounty payments, Google also rewarded three
of them with surprise bonuses of $10,000 each for what it said was “sustained, extraordinary” work.

The three bonuses went to researchers Aki Helin and Arthur Gerkis, and to someone identified as “miaubiz.” All three reported
vulnerabilities that Google patched Sunday.

They also have been among the most prolific researchers for Google.

In 2011, for example, miaubiz earned more than $40,000 in bounties, while Helin took home $7,500 and Gerkis received $4,000.

“To determine the [$10,000] rewards, we looked at bug finding performance over the past few months,” said Jason Kersey, a
Chrome program manager, in a Sunday blog . “We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. We reserve the right to
do so again and reserve the right to do so on a more regular basis!”

So far this year, Google has paid nearly $73,000 to outside researchers.

It could lay out a lot more than that this week at CanSecWest, the Vancouver, British Columbia, security conference that opens
tomorrow.

Last week, Google withdrew its sponsorship of the annual Pwn2Own hacking contest at CanSecWest, and instead said it would
offer up to $1 million in cash prizes to researchers who demonstrate exploits of unknown Chrome vulnerabilities.

Google will pay $60,000 for what it called a “full Chrome exploit” — one that successfully hacks Chrome on Windows 7 using
only vulnerabilities in Chrome itself — $40,000 for every partial exploit that uses one bug within Chrome and one or more
in other software, and $20,000 for “consolation” exploits that hack Chrome without using any vulnerabilities in the browser.

The company has promised to pay out as much as $1 million, assuming it has that many takers.

Also included with Sunday’s Chrome 17 was an update to Adobe Flash Player. Google again beat Adobe to the punch on delivering
a Flash upgrade; Adobe is issuing a security update today that fixes two critical flaws in the popular media software.

Adobe credited two members of Google’s security team, Tavis Ormandy and Fermin Serna, with reporting the Flash bugs.

Article source: http://www.networkworld.com/news/2012/030512-google-patches-14-chrome-bugs-256942.html

Tags: , , ,