Google today released the latest version of its popular browser Chrome. The version released today is Chrome 38 and has around 159 patches to fix the holes that were discovered by a variety of white hat hackers, ethical hackers and security researchers. Google has paid $75000.00 / €59,250.00 in bounty money to these testers.
The largest slice of the bounty cake went to security researcher, Jüri Aedla. For his research and discovery of the bugs is a combination of V8 and Inter-process Communication (IPC) vulnerabilities that could lead to remote code execution outside the sandbox, he received a big “thank you” in the form of a $27,633.00 / €21,830.00 from Google.
The second largest bounty receiver is Atte Kettunen of the Oulu University Secure Programming Group (OUSPG) and Collin Payne. Both of them were given $23,000.00 / €18,100.00 as an additional reward for working with the Google security team during the development cycle to prevent other security bugs from reaching the stable release.
Google stated that 113, out of the total 159 security holes. were relatively minor. Most of these were discovered internally by the Google Security team using MemorySanitizer, a custom tool built by Google that detects uninitialized memory reads in C/C++ programs.
One of the bugs fixed in the Chrome 38 is the multiple use-after-free bugs in Events, Rendering, DOM and Web Workers and a couple of out-of-bounds read errors in PDFium, Chrome’s PDF rendering engine.
Stable release available now
Google has released the stable version of Chrome 38 for all supported desktop platforms. One of the major modifications in Chrome 38 is a new built-in automatic update mechanism. The auto update mechanism will update Chrome as and when Google releases fixes/patches as a part of its ever increasing security needs. If the browser is not updated when launched, it should move to the next build after a restart.
You can download the latest Chrome 38 stable version from here