Google Patches 19 Chrome Bugs Before Hacking Contest Begins

From PC World: Google on Monday patched 19 vulnerabilities in Chrome, paying nine researchers $14,000 in bug bounties for reporting the flaws.

As it did last year, Google beefed up the security of its browser a week before the kickoff of Pwn2Own, the annual hacking contest held at the CanSecWest security conference in Vancouver, British Columbia.

The update to Chrome 9.0.597.107 fixed 16 flaws rated "high," the second-most-severe ranking in Google's threat system, and quashed three "medium" bugs.

None of the vulnerabilities were ranked "critical," the category essentially reserved for bugs that may let an attacker escape Chrome's anti-exploit "sandbox." Google patched two sandbox-escape bugs -- both pegged critical -- in Chrome this year.

The bugs patched Monday were in several components, including WebGL, the hardware accelerated 3D graphics API that debuted in early February with Chrome 9; SVG (scalable vector graphics) rendering and animation; and the browser's address bar.

Nearly a quarter of the vulnerabilities were identified as "stale pointer" bugs, a term used to describe flaws in an application's -- in this case, Chrome's -- memory allocation code.

View: Article @ Source Site