Google has released Chrome 17.0.963.65 for Windows, Macintosh, Linux and Google Chrome Frame. The release fixes multiple vulnerabilities that may have allowed denial-of-service (DoS) attacks or the execution of arbitrary malicious code.
The Chrome 17.0.963.65 release also contains updates for the Adobe Flash Player. Google also announced the awarding of bounties for the identification of several of the vulnerabilities, including:
- [$10,000] [116661] Rockstar CVE-1337-d00d1: Excessive WebKit fuzzing. Credit to miaubiz.
- [$10,000] [116662] Legend CVE-1337-d00d2: Awesome variety of fuzz targets. Credit to Aki Helin of OUSPG.
- [$10,000] [116663] Superhero CVE-1337-d00d3: Significant pain inflicted upon SVG. Credit to Arthur Gerkis.
"To determine the above rewards, we looked at bug finding performance over the past few months. The three named individuals stood out significantly," Google's Jason Kersey wrote.
The continued use of bug bounties as an incentive for security improvements has been a successful strategy for Google, and in this instance the company has awarded bonus payouts.
"We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community," Kersey stated.
More details on the Chrome release, as well as the bugs and bounties offered by Google, can be found here:
Source: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html