Google patches 30 Chrome bugs, adds Instant Pages

Google patched 30 vulnerabilities in Chrome today, paying out the third-highest bounty total ever for the bugs that outsiders filed with its security team.

The company packaged the patches with an update to Chrome 13, adding Instant Pages to the "stable" channel of the browser. The feature, which Google earlier tucked into Chrome 13 previews, proactively pre-loads some search results to speed up browsing.

Google last upgraded Chrome's stable build in early June. Like Mozilla, which this year shifted to a rapid-release schedule, Google produces an update about every six-to-eight weeks.

Fourteen of the 30 vulnerabilities patched today were rated "high," the second-most-serious ranking in Google's four-step scoring system, while nine were pegged "medium" and the remaining seven were labeled "low."

None of the flaws were ranked "critical," the category usually reserved for bugs that may allow an attacker to escape Chrome's anti-exploit sandbox. Google has patched several critical bugs this year, the last time in April.

Most of the vulnerabilities rated as a high threat -- nine of the 14 -- were identified as "use-after-free" bugs, a type of memory management flaw that can be exploited to inject attack code.

As it always does, Google locked down the Chrome bug-tracking database for the 30 vulnerabilities to prevent outsiders from obtaining details on the underlying flaws. The company bars the public from the database to give users time to update, sometimes waiting months before lifting the embargo.

For example, only three of the 15 bugs Google patched on June 7 can yet be accessed by the public.

Google paid out $16,000 in bounties to 10 researchers who reported 17 of the vulnerabilities patched today, including $7,500 to a researcher identified as "miaubiz," and $2,000 to another frequent contributor, Sergey Glazunov.

No Comments Yet.

Leave a comment