Google Updates Chrome, Awards $1,000 for Critical Flaw Fix
Google updated its Chrome browser yesterday (March 26) to version number 26, patching two serious security flaws and a number of smaller ones.
For hackers, Chrome is one of the toughest Web browsers to crack, but that doesn't mean that it's perfect. Consequently, Google offers a $1,000 reward to whoever can point out major security flaws.
One Finnish code expert earned his share recently by pointing out a huge vulnerability in Chrome's audio systems, one of the two serious flaws patched by yesterday's update.
Google will not divulge exactly how the security flaw worked until it has finished distributing patches to the majority of Chrome users. The issue was a "use-after-free" bug in Chrome's Web audio player.
Use-after-free refers to a program continuing to use a block of memory after it has released ("freed") that memory. For example, playing a song in Chrome requires a certain amount of system resources.
After the song's completion, those resources are released for reuse elsewhere in the browser. If the program still refers to the freed memory, a hacker who controls what is placed there next could introduce any number of malicious bits of code.
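The memory-reuse problem described above, modeled without any real memory corruption, as an added example that is not from the article or from Chrome's code. A fixed pool of slots stands in for the heap, and the pool, handle type and function names are all hypothetical; the unchecked lookup behaves like a dangling pointer, while the generation check is one common way to reject stale references.

```c
#include <stdint.h>
#include <stdio.h>
#define SLOTS 4

typedef struct { uint32_t index, gen; } handle_t;          /* hypothetical handle type */
typedef struct { uint32_t gen; int live; char data[32]; } slot_t;
static slot_t pool[SLOTS];                                  /* stands in for the heap */

/* Hand out the first free slot; the handle records the slot's current generation. */
handle_t pool_alloc(const char *tag) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            snprintf(pool[i].data, sizeof pool[i].data, "%s", tag);
            return (handle_t){ i, pool[i].gen };
        }
    }
    return (handle_t){ SLOTS, 0 };                          /* pool exhausted */
}

/* Free the slot and bump its generation so older handles no longer match. */
void pool_free(handle_t h) {
    if (h.index < SLOTS && pool[h.index].live && pool[h.index].gen == h.gen) {
        pool[h.index].live = 0;
        pool[h.index].gen++;
    }
}

/* What a dangling reference sees: whatever occupies the slot now. */
const char *lookup_unchecked(handle_t h) {
    return h.index < SLOTS ? pool[h.index].data : NULL;
}

/* Hardened lookup: refuse handles that are out of range, freed, or stale. */
const char *lookup_checked(handle_t h) {
    if (h.index >= SLOTS || !pool[h.index].live || pool[h.index].gen != h.gen)
        return NULL;
    return pool[h.index].data;
}

int main(void) {
    handle_t song = pool_alloc("audio-buffer");   /* constructed sample data */
    pool_free(song);                              /* playback finished, slot released */
    handle_t other = pool_alloc("other-object");  /* the freed slot is reused */
    printf("unchecked: %s\n", lookup_unchecked(song));
    printf("checked:   %s\n", lookup_checked(song) ? "valid" : "rejected (stale)");
    printf("current:   %s\n", lookup_checked(other));
    return 0;
}
```

The stale `song` handle resolves to the unrelated object's data through the unchecked path and is rejected by the checked one.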
Atte Kettunen, who found the flaw, is a security expert based in Finland, and will receive $1,000 for his contribution to keeping Chrome safe.
Google offers the same prize to anyone who can find a major flaw in its popular, lightweight browser, although Kettunen was the only one who earned the honor this time around.
Google gave other vulnerabilities lower priority, or used its internal employees to find them (the $1,000 reward only applies to outsiders). The only other high-priority fix involves a potential data leakage between multiple tabs, while lower-priority fixes addressed oddities in Chrome's dev tools and its HTML processing.
Chrome updates automatically for Windows users; Mac and Linux users have to update manually.
If you want the update right now, it's quite simple to acquire. Select "About Google Chrome" in the program's main menu, and it will automatically search for, download and apply the update for version 26.
Remember: If you find a security flaw in the new version, don't keep it to yourself. There could be $1,000 in it for you.