All about Google Chrome & Google Chrome OS

10 Apr 12 Google Chrome 18 Fixes Flash and Canvas2D


Among the “big fix” items in the new Chrome 18.0.1025.151 release is a Flash Player security update that only Google Chrome is receiving. Google Chrome is the only browser that directly integrates Adobe Flash.

“The Chrome update includes fixes to two memory corruption vulnerabilities that were specific to Adobe Flash Player integrated with Google Chrome,” Wiebke Lips, Senior Manager of Corporate Communications at Adobe, told eSecurityPlanet. “In other words, these vulnerabilities do not impact Flash Player for any other browser or platform.”

The Flash Player flaws were additional vulnerabilities that were initially fixed in an Adobe Flash Player 11.2.202.228 update issued at the end of March. That update ushered in silent updates for Windows users of Flash Player on Firefox and Internet Explorer. Google’s Chrome browser has provided silent updates for the integrated browser and Flash solution since its initial release.

While security is always a top concern in Google Chrome updates, so too are bug fixes. In Chrome 18.0.1025.151, Google is fixing a Canvas 2D drawing bug related to GPU acceleration. Canvas 2D is an HTML5 element that enables interactive content to run in a browser. As part of the initial Chrome 18 release, Google debuted GPU hardware-based acceleration for Canvas 2D in an effort to enable more complex and detailed HTML5 games on Chrome.

Read the full story at eSecurityPlanet:
Google Patches Chrome 18 for Flash Flaws

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/google-chrome-18-fixes-flash-and-canvas2d.html


06 Apr 12 Google Patches Chrome for Second Time in Eight Days


Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.

Most of the vulnerabilities — eight of the dozen — were identified as “use-after-free” bugs, a common type of memory vulnerability that researchers have found in large numbers within Chrome using Google’s own AddressSanitizer detection tool.

Seven of the 12 bugs were rated “high,” the second-most-serious ranking in Google’s scoring system. Four were marked “medium” and one was labeled “low.”

Google paid $6,000 in bounties to three researchers for reporting seven of the vulnerabilities. The others were unearthed by Google’s own security team or were ineligible for a finder’s fee.

One of the latter had been forwarded to Google by HP TippingPoint, which operates the Zero Day Initiative (ZDI) bug bounty program. Google does not pay bounties for vulnerabilities submitted to ZDI — it only rewards researchers who have not been otherwise compensated — a decision that has created friction between Google and ZDI in the past.

Among those who received checks were Arthur Gerkis and someone who goes by the nickname “miaubiz,” two of three researchers who were awarded special $10,000 bonuses a month ago for what Google called “sustained, extraordinary” contributions.

Miaubiz took home $4,500 for his work.

Sergey Glazunov, one of those who pocketed $60,000 at the Pwnium hacking challenge Google sponsored last month, reported two of the 12 vulnerabilities. Neither was significant enough to rate a bounty payment, however.

Google has paid more than $216,000 in bug bounties this year, including $120,000 it distributed during Pwnium.

Thursday’s update to Chrome 18 also included a new version of Adobe Flash Player that patched two critical memory corruption vulnerabilities in the Chrome interface. The pair, unique to the Flash Player bundled with the browser, were reported by a Google security engineer and a team from IBM’s X-Force Research group.

According to the advisory that accompanied Thursday’s update, Google also fixed several non-security issues, including some related to hardware acceleration, a feature the company switched on in Chrome when version 18 debuted March 28.

Chrome accounted for 18.6% of the browsers used worldwide last month, a decrease of about a third of a percentage point from February, said Internet measurement vendor Net Applications earlier this week. Chrome’s usage share has declined three months running, and is down about 3% since the start of the year.

The patched version of Chrome 18 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Already installed copies of the browser will be updated automatically by Chrome’s silent service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg’s RSS feed. His email address is gkeizer@computerworld.com.


Article source: http://www.pcworld.com/article/253351/google_patches_chrome_for_second_time_in_eight_days.html


21 Feb 12 Chrome 17 Patched for a Dozen Flaws


Some software vendors prefer to deliver security updates on a scheduled basis: Microsoft’s monthly “Patch Tuesday” is perhaps the best-known example of that approach. But Google takes a different road with its Chrome browser, opting instead to roll out updates on a rapid and ongoing basis.

Google is now updating Chrome 17, just one week after the browser was first released as a stable product. Last week’s Chrome 17 stable release included at least 20 fixes for security vulnerabilities. This week’s Chrome 17.0.963.56 release fixes 13 additional flaws that have bubbled to the surface in the last week.

Seven of the flaws fixed in Chrome 17.0.963.56 are rated as high severity by Google. One of these flaws is an integer overflow issue in the libpng graphics library. Google is awarding security researcher Juri Aedla a “leet” award of $1,337 for the discovery.

Aedla isn’t the only security researcher who is profiting from the Chrome 17.0.963.56 release. In total, Google is awarding researchers $6,837 as part of the Chrome 17.0.963.56 release. The Chromium Rewards Program under which Google pays security researchers for discoveries was first introduced in November of 2010. Since then, Google has paid researchers over $410,000 in rewards for flaw discoveries.


Read the full story at eSecurityPlanet:
Google Patches Chrome 17

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.

Article source: http://www.internetnews.com/security/chrome-17-patched-for-a-dozen-flaws.html
