Google has patched one of the vulnerabilities that a team of researchers used last week to win one portion of the Pwn2Own contest at CanSecWest. The bug is in the WebKit rendering engine.
WebKit is the rendering engine that is at the heart of the Chrome browser, as well as Apple’s Safari browser and the browser that’s installed on the BlackBerry. The vulnerablity in WebKit is one of three that the team of Vincenzo Iozzo, Willem Pinckaers and Ralf-Philipp Weinmann used to bring down the BlackBerry during the contest lat week.
The new release of Chrome, version 10.0.648.133, fixes just the one vulnerability on all supported platforms, Windows, Mac OS X, Linux and Chrome Frame. The bug is a high priority memory corruption vulnerability, but Google isn’t releasing any further details on it until most of its users have updated to the new version.
As part of its bug bounty program, Google paid the researchers a reward of $1,337 for reporting the WebKit flaw.