Google Debugs Chrome

By Peter Bernstein August 23, 2011

OK, the Google Chrome browser had some problems. Yet, as a Google Chrome browser enthusiast, I am always impressed by both the rarity of such problems and Google’s attention to fixing them. It may not be the only reason it is my default browser, but it is certainly one of them. I am particularly pleased that their focus on keeping the user experience trustworthy includes reaching out to (and giving credit to) the Chrome user community as well as Google employees. Giving credit where credit is due is important.

Thus, even before writing this, I checked to make sure I had the patches to fix 11 vulnerabilities in Chrome that were released yesterday (August 22).  I did and I feel better, especially since one of the bugs identified was deemed “critical.”

Chrome vulnerabilities found and fixed

For the technically minded, the following two links will get your juices flowing.

  • Google Chrome Releases, cited above, is a company blog that lists the fixes and who deserves credit; it is not a bad thing to bookmark.
  • Chromium Security provides information and links on how you too can be rewarded for spotting a problem.

If you are a Chrome user, you will be automatically updated, and if you wish to try Chrome, click here for the latest version for Windows XP, Vista and Windows 7, which include the fixes.

To summarize, here is what just got de-bugged: one bug that got Google’s highest risk rating of “critical,” nine rated “high” and one rated “medium.”

As characterized in a Computerworld article, the vulnerabilities fixed were:

  1. Critical – a “memory corruption in vertex handling,” referring to code that adds special effects such as textures to 3-D shapes; it affected only the Windows version of Chrome.
  2. High – four “use-after-free” bugs that can be used to inject attack code.
  3. Medium – URL parsing confusion on the command line.

Keeping up with the bad guys

If you are keeping score at home, this is the second time this month Chrome has been de-bugged, and the “critical” designation is the sixth of the year. As a mandated precaution employed in all such instances, Google locked down the Chrome bug-tracking database, which will remain closed until the coast is clear (that is, until most people have updated), so that the Chrome community is not exposed to exploitation through a premature release of the specifics of the problems.

As noted above and in the various reports about this, the engagement of users through the bounty program is a key element in keeping Chrome safe. Google paid $8,337 in bounties to seven researchers from outside the company who reported eight of the vulnerabilities. It has paid out more than $120,000 so far this year.  

While not a reason to quit one’s day job, bounties have proven to be an effective incentive to outsiders.

 Happy browsing. Thank you Google.


Peter Bernstein is a technology industry veteran, having worked in multiple capacities with several of the industry's biggest brands, including Avaya, Alcatel-Lucent, Telcordia, HP, Siemens, Nortel, France Telecom, and others, and having served on the Advisory Boards of 15 technology startups. To read more of Peter's work, please visit his columnist page.

Edited by Rich Steeves