Google Debugs Chrome

By Peter Bernstein August 23, 2011

Ok, the Google Chrome browser had some problems. Yet, as a Google Chrome browser enthusiast, I am always impressed by both the rarity of such problems and Google’s attention to fixing them. It may not be the only reason it is my default browser but it is certainly one of them. I am particularly pleased that their focus on keeping the user experience trustworthy includes reaching out (and giving credit to) the Chrome user community as well as Google employees. Giving credit where credit is due is important.

Thus, even before writing this, I checked to make sure I had the patches to fix 11 vulnerabilities in Chrome that were released yesterday (August 22).  I did and I feel better, especially since one of the bugs identified was deemed “critical.”

Chrome vulnerabilities found and fixed

For the technically minded, the following two links will get your juices flowing.

  • As cited above, Google Chrome Releases is a company blog that lists the fixes and who deserves credit and is not a bad thing to bookmark.
  • Chromium Security provides information and links on how you too can be rewarded for spotting a problem.

If you are a Chrome user, you will be automatically updated, and if you wish to try Chrome, click here for the latest version for Windows XP, Vista and Windows 7, which include the fixes.

To summarize here is what just got de-bugged. It included: one that got Google’s highest risk rating of “critical," nine rated as "high" and one "medium."

As characterized in a Computerworld article, the list of vulnerabilities fixed were:

  1. Critical – a “memory corruption in vertex handing," referring to code that adds special effects such as textures to 3-D shapes that affected only the Windows version of Chrome.
  2. High —four “use-after-free” bugs that can be used to inject attack code.
  3. Medium — URL parsing confusion on the command line.

Keeping up with the bad guys

If you are keeping score at home, this is the second time this month Chrome has been de-bugged, and the “critical” designation is the sixth of the year. As a mandated precaution employed in all such instances, Google locked down the Chrome bug-tracking database which will remain closed until the coast is clear, e.g., most people have updated, so as to protect the entire Chrome community from being exploited because of a premature release of the specifics of the problems.

As noted above and in the various reports about this, the engagement of users through the bounty program is a key element in keeping Chrome safe. Google paid $8,337 in bounties to seven researchers from outside the company who reported eight of the vulnerabilities. It has paid out more than $120,000 so far this year.  

While not a reason to quit one’s day job, bounties have proven to be an effective incentive to outsiders.

 Happy browsing. Thank you Google.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.

Peter Bernstein is a technology industry veteran, having worked in multiple capacities with several of the industry's biggest brands, including Avaya, Alcatel-Lucent, Telcordia, HP, Siemens, Nortel, France Telecom, and others, and having served on the Advisory Boards of 15 technology startups. To read more of Peter's work, please visit his columnist page.

Edited by Rich Steeves
Related Articles

The World is His Oyster: Connected Solutions Enable Daniel Ward to See Food

By: Paula Bernier    3/16/2018

Fresh seafood can taste great, but if it is not handled properly, people can get sick, and that can lead to business closures and lost revenues. That'…

Read More

How to Get Ready for GDPR if You've Waited Until the Last Minute

By: Special Guest    3/14/2018

With less than two months until the General Data Protection Regulations (GDPR) deadline, many companies have already started making sure that their bu…

Read More

How Fintech is Helping Create Global Businesses

By: Special Guest    3/14/2018

The growth of Fintech probably has not escaped your attention. Whether you're a customer making contactless payments or an investor weighing up CFD tr…

Read More

Are We Prepared for Automation?

By: Special Guest    3/13/2018

We are barreling toward a future of automation. A great proportion of the six million US manufacturing jobs that have disappeared over the last few de…

Read More

The Dark Web - A Hot Bed for Cybercrime

By: Special Guest    3/12/2018

There is a corner of the internet that is cloaked from every day users. Beneath the typical search engines and web browsers, an illegal marketplace is…

Read More