Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome.
Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn’t qualify for bug bounties were discovered by members of Google’s internal security team.
The new release of Chrome also fixes an older bug, a Windows kernel flaw, that Google had thought it fixed in a previous version. The highest bug bounty, $1337, was paid for an integer error in WebSockets found by Keith Campbell. A second high-priority flaw, a sandbox parameter deserialization error, was discovered by two members of Adobe’s Reader Sandbox Team.
Aside from the security updates, Chrome 6 also improves some of the security mechanisms in the browser.
“Behind the scenes, we continue to extend the security features that help you browse the web more safely. This includes Chrome’s Safe Browsing technology—which serves as a warning system if you’re about to visit a site suspected of phishing or hosting malware; Chrome’s auto-update mechanism—which helps ensure that the browser is always up-to-date with the latest security updates; and the browser’s “sandbox”—an added layer of protection which prevents malicious code on an exploited website from infecting your computer,” the company said on its Chrome blog.
This is the first major release of Chrome since Google increased the rewards it pays to researchers who identify bugs in the browser. None of the bugs fixed in Chrome 6 qualified for the maximum reward of $3133.7, which Google said it will pay out for bugs deemed to be SecSeverity Critical.