Google shores up Chromes vulnerabilities before telling hackers to bring it on

first_imgGoogle has been trying to make a name for Chrome as the most secure browser out there, but they’ve just put their money where their mouth is by paying nine researchers a total of $14,000 for finding vulnerabilities in its Chrome browser to shore it up for next week’s annual Pwn2Own hacking contest. About a month ago, google offered a bounty of about $20,000 to anyone who could escape the Chrome sandbox and compromise a user’s system. Chrome’s sandbox keeps browser code from interacting with a user’s operating system, and Google’s justly proud of it, but the only way they can make sure it is working is by having hackers bang on it.AdChoices广告Bang on it, hackers did. They never did manage to find a way to get out of Chrome’s sandbox, but they did find several lesser security vulnerabilities, including one in WebGL, the hardware accelerated 3D graphics API that Google debuted in Chrome back in early February. A vulnerability in WebGL makes sense, as it’s one of Chrome’s newest features, but there were others identified as well, including one in Chrome’s SVG — or scalable vector graphics — rendering and animation, and even one in Chrome’s address bar. The most vulnerabilities by far were found in Chrome’s memory allocation code, which accounted for nearly 25% of all vulnerabilities spotted. All in all, the outside researchers found fifteen bugs, with Google themselves identifying four more. 16 of these bugs were rated as of high importance, while three were rated medium. None were critical.Google, always quick when it comes to patching Chrome, managed to shore up the foundations and issued a fixed patch on Monday. With Pwn2Own starting next week in Vancouver, though, and Google’s $20,000 offer to any hacker who can escape their sandbox, my guess is we’ll be seeing more vulnerabilities patched soon enough.Read more at Computerworldlast_img

Post A Comment

Your email address will not be published. Required fields are marked *