New
#1
Google patches Chrome for second time this month.
Source -Google Inc. patched three vulnerabilities in the Windows version of Chrome earlier this week, marking the second time that it has plugged security holes in the browser this month.
Tuesday's update to Chrome 4.1.249.1064 fixed three flaws rated "high," the second-most-severe threat ranking in Google's four-step system. Danish vulnerability tracker Secunia rated the update as "highly critical" under its own severity ranking.
As is Google's practice, technical details of the vulnerabilities were hidden from public view, a tactic the company uses to prevent attackers from accessing the information until the majority of users have updated to the new version.
Researchers credited with reporting two of the flaws were awarded bonuses as part of Google's bug bounty program, which kicked off in January. Most flaws earn their finders $500, but researcher Jordi Chancel was handed $1,000 for the cross-origin bypass vulnerability he found in Chrome's handling of Google URL, a code library used to parse large numbers of Web addresses.
Google patches Chrome for second time this month - Computerworld