Google has patched four vulnerabilities in Chrome, and disclosed that it had patched a fifth two weeks ago.
The refresh of Chrome 16 was the second security-related update for the browser this month.
One of the five bugs Google said had been quashed was actually a leftover from the 9 January update. According to a blog post by Anthony Laforge, a Chrome program manager, that flaw was actually patched two weeks ago, but “[was] accidentally excluded from the release notes” at the time.
The vulnerability was the most serious of the five, rating a “critical” ranking, Google’s top threat label.
According to the bug-tracking materials for Chromium, the open-source project that feeds code into Chrome, the critical bug caused the browser to crash when users saw Chrome’s anti-malicious site warning and then refreshed the page.
Researcher Chamal de Silva reported the vulnerability in mid-December 2011, and was awarded £2,0000 ($3,133) – Google’s highest bounty – for his work. de Silva’s bug was only the third time Google has paid out the maximum, and the first time since June 2011.
In July 2010, Google boosted its top dollar bounty from £856 – £2,000 ($1,337 to $3,133), making the move less than a week after rival Mozilla increased Firefox bug bounties to £1,922 ($3,000).
Two other researchers who reported three of the remaining vulnerabilities were paid a total of £1,922 in bounties. Those bugs were rated as “high” threats.
Google has paid out more than £5,000 ($8,000) so far this year to independent researchers for filing bug reports. Last year, the search giant spent more than £116,000 ($180,000) on bounties.
Chrome accounted for 19.1 percent of all browsers used last month, a record for Google, according to Web metrics firm Net Application. If its share movement continues on past pace, Chrome will crack the 20 percent mark either this month or next.
Chrome 16, the current stable edition, can be downloaded from Google’s website.
View full post on National Cyber Security » Computer Hacking