LOS ANGELES — a Mozilla security expert earned $1000 reward by identifying a vulnerability that led to Google’s latest update to its popular Open Source web browser.
According to the company, Google Chrome 15.0.874.121 updates the software to fix an out-of-bounds memory write issue in the browser’s JavaScript engine, as well as adds better support for SVG element sizing within iframes.
The security vulnerability allowed unauthorized code to be executed by remote users.
The reward for finding the problem was reportedly paid to computer security engineer Christian Holler, through the Chromium Vulnerability Rewards Programs.
“Other fixes contained in this release deal with the browser’s behavior on Chrome OS, Google’s cloud-oriented operating system, and include changes to the default NAT traversal policy used by the Chromoting remote access feature, the downloads folder display, the login process, and the GPU blacklist,” CSO’s Lucian Constantin explains, adding that “the update also includes some minor bugfixes in the V8 JavaScript engine.”
Google says that its Chrome update is applicable to all Windows, Mac, Linux and Chrome Frame platforms. Most users should receive the new update automatically upon restarting their browser.
According to W3Schools.com, Google Chrome was used by 32.3 percent of surfers during October of 2011, up from 19.2 percent in October of 2010.
