New Chrome fixes 50 security issues, bug hunter gets $30k
Posted on 27 August 2014.
Having implemented 50 security fixes, the Google Chrome team has pushed out a new stable version of the popular browser.


The company hasn't shared many bug details since it's first waiting for the majority of users to implement the fixes, but has revealed that it has awarded $30000 to a researchers identified only as lokihardt@asrt for disclosing "a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox."

Other researchers have been awarded between $4,000 and $500 for a slew of high and medium severity bugs, and the Chrome security team has been commended for finding a wide range of flaws through internal audits, fuzzing and other initiatives.

Windows users have additional good news: Windows 64bit Chrome has gone "stable".

"64-bit Chrome offers many benefits for speed, stability and security. Our measurements have shown that the native 64-bit version of Chrome has improved speed on many of our graphics and media benchmarks," software engineer Will Harris shared in a blog post announcing the release.

"For example, the VP9 codec thatís used in High Definition YouTube videos shows a 15% improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects."

Users looking forward to using 64-bit Chrome must manually download the installer, and be aware that there is currently no 32-bit NPAPI plugin support.









Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //