Google Updates Chrome Browser Ahead of Hacking Contest
Google updated its Chrome browser yesterday (Feb. 21) to version 25, fixing nine critical security flaws and 12 other bugs.
The upgrade comes just two weeks before the annual Pwn2Own browser-hacking contest at the CanSecWest security conference in Vancouver, British Columbia, in early March.
Pwn2Own, now in its seventh year, pits some of the world's best hackers against the defenses of Chrome, Mozilla Firefox, Microsoft's Internet Explorer and Apple's Safari.
The first contestant to crack Chrome on Windows 7 will net $100,000 in U.S. currency, a sum matched only by the reward for cracking IE 10 on Windows 8. (The other Web browsers, including IE 9 on Windows 7, are considered somewhat less secure and offer smaller cash prizes.)
Despite the six-figure carrot being dangled, Google shelled out only $3,500 to independent researchers for the fixes pushed out in this week's update, which included several patches for memory-corruption flaws.
A flaw in the open-source mathematical markup language MathML made Google pull MathML implementation out of Chrome for the time being, but Chrome's Jason Kersey promised it would be back in a future update.
"The WebKit MathML implementation isn’t quite ready for prime time yet, but we are excited to enable it again in a future release once the security issues have been addressed," Kersey said in an official Chrome blog posting.
Mac OS X and Windows Chrome users should be updated to the latest version automatically. Linux users should check their distribution's package manager.