Google Debugs Chrome

By Peter Bernstein August 23, 2011

Ok, the Google Chrome browser had some problems. Yet, as a Google Chrome browser enthusiast, I am always impressed by both the rarity of such problems and Google’s attention to fixing them. It may not be the only reason it is my default browser but it is certainly one of them. I am particularly pleased that their focus on keeping the user experience trustworthy includes reaching out (and giving credit to) the Chrome user community as well as Google employees. Giving credit where credit is due is important.

Thus, even before writing this, I checked to make sure I had the patches to fix 11 vulnerabilities in Chrome that were released yesterday (August 22).  I did and I feel better, especially since one of the bugs identified was deemed “critical.”

Chrome vulnerabilities found and fixed

For the technically minded, the following two links will get your juices flowing.

  • As cited above, Google Chrome Releases is a company blog that lists the fixes and who deserves credit and is not a bad thing to bookmark.
  • Chromium Security provides information and links on how you too can be rewarded for spotting a problem.

If you are a Chrome user, you will be automatically updated, and if you wish to try Chrome, click here for the latest version for Windows XP, Vista and Windows 7, which include the fixes.

To summarize here is what just got de-bugged. It included: one that got Google’s highest risk rating of “critical," nine rated as "high" and one "medium."

As characterized in a Computerworld article, the list of vulnerabilities fixed were:

  1. Critical – a “memory corruption in vertex handing," referring to code that adds special effects such as textures to 3-D shapes that affected only the Windows version of Chrome.
  2. High —four “use-after-free” bugs that can be used to inject attack code.
  3. Medium — URL parsing confusion on the command line.

Keeping up with the bad guys

If you are keeping score at home, this is the second time this month Chrome has been de-bugged, and the “critical” designation is the sixth of the year. As a mandated precaution employed in all such instances, Google locked down the Chrome bug-tracking database which will remain closed until the coast is clear, e.g., most people have updated, so as to protect the entire Chrome community from being exploited because of a premature release of the specifics of the problems.

As noted above and in the various reports about this, the engagement of users through the bounty program is a key element in keeping Chrome safe. Google paid $8,337 in bounties to seven researchers from outside the company who reported eight of the vulnerabilities. It has paid out more than $120,000 so far this year.  

While not a reason to quit one’s day job, bounties have proven to be an effective incentive to outsiders.

 Happy browsing. Thank you Google.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.

Peter Bernstein is a technology industry veteran, having worked in multiple capacities with several of the industry's biggest brands, including Avaya, Alcatel-Lucent, Telcordia, HP, Siemens, Nortel, France Telecom, and others, and having served on the Advisory Boards of 15 technology startups. To read more of Peter's work, please visit his columnist page.

Edited by Rich Steeves
Related Articles

Is 5G a Spectrum-eating Monster that Destroys Competition?

By: Fred Goldstein    6/15/2018

To hear the current FCC talk about it, 5G mobile service is the be-all and end-all of not only mobile communications, but the answer to most of the co…

Read More

FX Group Makes the Red Carpet Shoppable with Blockchain-Based mCart Marketplace-as-a-Service

By: TMCnet News    6/14/2018

mCart by Mavatar announces the launch of the world's first blockchain-based decentralized mCart marketplace by the FX Group.

Read More

Judge Gives AT&T-Time Warner Deal Green Light

By: Paula Bernier    6/12/2018

Federal judge Richard Leon gave the $85 billion deal the green light today - and without any requirements to sell off any parts of the company. He als…

Read More

A New Foundation for Evolving Blockchain As a Fundamental Network Technology

By: Arti Loftus    6/12/2018

There are now thousands of blockchains, and unless you are a cryptophile, you won't recognize most of them.

Read More