Google quashes 31 vulnerabilities, restores Metro mode 'steppers' with Chrome 34

Gregg Keizer | April 14, 2014
Updates browser after paying nearly US$30,000 in bug bounties.

Google earlier this week updated Chrome to version 34, patching 31 vulnerabilities and paying out nearly US$30,000 in bug bounties to outside researchers.

Chrome 34 shipped Tuesday as an automatic update for Windows, OS X and Linux users. On the same day, Google also refreshed Chrome OS, its browser-based operating system that powers various vendors' inexpensive notebooks.

Google paid $29,500 in bounties for 12 bugs reported by outsiders; an additional 19 were found by in-house researchers and other contributors to Chromium, the open-source project that feeds code into Chrome.

Five of the 12 bounty-eligible vulnerabilities were tagged as "use-after-free" flaws, a type of memory management bug that Chrome researchers have been adept at finding, in large part because of the Google-designed "Address Sanitizer" fuzzing tool, which is available to outside bug hunters.

Ten flaws in V8, Chrome's JavaScript engine, were also patched in Chrome 34.

Google posted its usual terse descriptions of the vulnerabilities addressed in the update on April 8.

Elsewhere in Chrome 34, Google updated Flash Player to the most current version. Also on Tuesday, Adobe patched four flaws in the media player, including one that was revealed by French vulnerability broker Vupen at the Pwn2Own hacking contest the month before. Vupen was awarded $75,000 for its successful exploit of Flash Player.

Adobe has not yet patched a second vulnerability used at Pwn2Own by a different team.

Besides the bug fixes, Google added support for importing supervised users into Chrome on new computers, a feature that debuted in February with the beta version of the browser. "Supervised users" are typically family members, usually children, who are given access to Chrome on a shared personal computer; one in the family acts as an administrator of sorts, who manages a list of permitted and/or blocked websites, and takes requests for access to other URLs.

Those supervised-user settings can now be imported to any Chrome-equipped device in the home that's running Windows, OS X or Linux, eliminating the need to recreate those settings when the family adds another personal computer to the household. After import, those settings are kept synchronized across all devices.

Chrome 34 also debuted a tweaked version for Windows 8.1's "Modern," née "Metro," mode, responding to critics who had blasted Google for adopting a non-standard scrollbar they said made it harder for them to navigate pages.

Those grievances had focused on two changes: Chrome's scrollbars were significantly thinner, and Google dumped the scroll arrows, also called "steppers," within the scrollbar.

Google quickly recanted the stripping of steppers, and just days after the new Metro-mode user interface (UI) appeared, said it would restore them in Chrome 34.

