Google Debugs Chrome

By Peter Bernstein August 23, 2011

Ok, the Google Chrome browser had some problems. Yet, as a Google Chrome browser enthusiast, I am always impressed by both the rarity of such problems and Google’s attention to fixing them. It may not be the only reason it is my default browser but it is certainly one of them. I am particularly pleased that their focus on keeping the user experience trustworthy includes reaching out (and giving credit to) the Chrome user community as well as Google employees. Giving credit where credit is due is important.

Thus, even before writing this, I checked to make sure I had the patches to fix 11 vulnerabilities in Chrome that were released yesterday (August 22).  I did and I feel better, especially since one of the bugs identified was deemed “critical.”

Chrome vulnerabilities found and fixed

For the technically minded, the following two links will get your juices flowing.

  • As cited above, Google Chrome Releases is a company blog that lists the fixes and who deserves credit and is not a bad thing to bookmark.
  • Chromium Security provides information and links on how you too can be rewarded for spotting a problem.

If you are a Chrome user, you will be automatically updated, and if you wish to try Chrome, click here for the latest version for Windows XP, Vista and Windows 7, which include the fixes.

To summarize here is what just got de-bugged. It included: one that got Google’s highest risk rating of “critical," nine rated as "high" and one "medium."

As characterized in a Computerworld article, the list of vulnerabilities fixed were:

  1. Critical – a “memory corruption in vertex handing," referring to code that adds special effects such as textures to 3-D shapes that affected only the Windows version of Chrome.
  2. High —four “use-after-free” bugs that can be used to inject attack code.
  3. Medium — URL parsing confusion on the command line.

Keeping up with the bad guys

If you are keeping score at home, this is the second time this month Chrome has been de-bugged, and the “critical” designation is the sixth of the year. As a mandated precaution employed in all such instances, Google locked down the Chrome bug-tracking database which will remain closed until the coast is clear, e.g., most people have updated, so as to protect the entire Chrome community from being exploited because of a premature release of the specifics of the problems.

As noted above and in the various reports about this, the engagement of users through the bounty program is a key element in keeping Chrome safe. Google paid $8,337 in bounties to seven researchers from outside the company who reported eight of the vulnerabilities. It has paid out more than $120,000 so far this year.  

While not a reason to quit one’s day job, bounties have proven to be an effective incentive to outsiders.

 Happy browsing. Thank you Google.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.

Peter Bernstein is a technology industry veteran, having worked in multiple capacities with several of the industry's biggest brands, including Avaya, Alcatel-Lucent, Telcordia, HP, Siemens, Nortel, France Telecom, and others, and having served on the Advisory Boards of 15 technology startups. To read more of Peter's work, please visit his columnist page.

Edited by Rich Steeves
Related Articles

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More

3 Ways to Improve Your VR Projects

By: Ellie Martin    1/4/2018

There is no denying that VR is here and will most likely only increase in velocity as a terminal speed is yet to be even hypothesized. That is why it …

Read More

Alphabet to See Schmidt Step Down

By: Maurice Nagle    12/21/2017

In 2001, Google brought Eric Schmidt on board as CEO. To 10 years later become executive chairman, and continue to serve in this capacity through rest…

Read More