Chrome gets fixed; researcher gets paid

The stable version of Google Chrome for Windows has updated with three critical security fixes and an announcement that the first payouts to crowd-sourced security researchers have been delivered.

The stable version of Google Chrome for Windows has been updated with three critical security fixes and an announcement that the first payouts to crowd-sourced security researchers have been delivered.

Chrome 4.0.249.89 repairs serious problems found in processing the < ruby > tag, and two integer overflows that affected the JavaScript engine and deserialized the sandbox message. Google has a policy of not revealing more information about security fixes until a majority of users have updated their browser.

Other security fixes issued in this release include several medium and low level risks, encompassing proxy behavior, redirection target link leaks, and domain confusion populating the HTTP authentication dialog. This last one was discovered by Timothy D. Morgan, a researcher from VSR and one of the first recipients of the crowd-sourced researcher payments. Google stated that Morgan donated his $500 reward to Haitian relief efforts, and so the company raised it to $1,337.

Google watchers will note that for the first time, the Chrome stable version number is ahead of the Chrome beta for Windows, which is currently at v4.0.248.70. It wouldn't be surprising to see the beta version updated soon. The full changelog for Google Chrome 4.0.249.89 can be read here.

CNET Top 5
Companies Apple could buy with their billions
Apple's sitting on a massive pile of cash. Here are five interesting ways they could spend it.
Play Video
 

Member Comments