Google fixes Chrome holes, seeks security reform

From CNET News.com: Just before the Black Hat security conference begins, Google has patched seven security holes in its stable version of Chrome and begun an effort to speed up the software industry's response to such vulnerabilities.

Google paid two $1,337 bounties for work that let Chrome avoid critical security problems by sidestepping vulnerabilities in Windows and the widely used glibc software library, according to a Monday blog post about Chrome 5.0.375.125 by Jason Kersey of Google's Chrome team.

Also through its program to reward those who find Chrome security holes, Google paid those who found three high-risk vulnerabilities and one medium-risk vulnerability. The final issue, a low-risk problem, elicited no payment.

That incentive program got more serious in July, when Google announced a new maximum reward of $3,133.7 for severe bugs. (If you're not in on the leetspeak joke, that means "eleet," better than the mere "leet" level that was attainable before.)

Google is trying to steer the security agenda in more ways than just paying those who find holes. In a blog post last week by a group of Googlers, Google called for reform to the "responsible disclosure" practice for sharing newly discovered vulnerabilities.
