Chrome 38
Google today released the latest version of its popular browser Chrome. ย The version released today is Chrome 38 and has around 159 patches to fix the holes that were discovered by a variety of white hat hackers, ethical hackers and security researchers. ย Google has paid $75000.00 /ย โฌ59,250.00 in bounty money to these testers.
Whats fixed
The largest slice of the bounty cake went to security researcher, Jรผri Aedla. ย For his research and discovery of the bugs is a combination of V8 and Inter-process Communication (IPC) vulnerabilities that could lead to remote code execution outside the sandbox, he received a big โthank youโ in the form of a $27,633.00 / โฌ21,830.00 from Google.
The second largest bounty receiver is Atte Kettunen of the Oulu University Secure Programming Group (OUSPG) and Collin Payne. Both of them were given $23,000.00 / โฌ18,100.00 as an additional reward for working with the Google security team during the development cycle to prevent other security bugs from reaching the stable release.
Other fixes
Google stated that ย 113, out of the total 159 security holes. were relatively minor. ย Most of these were discovered internally by the Google Security team using MemorySanitizer, a custom tool built by Google that detects uninitialized memory reads in C/C++ programs.
One of the bugs fixed in the Chrome 38 is the multiple ย use-after-free bugs in Events, Rendering, DOM and Web Workers and a couple of out-of-bounds read errors in PDFium, Chromeโs PDF rendering engine.
Stable release available now
Google has released the stable version of ย Chrome 38 for all supported desktop platforms. ย One of the major modifications in Chrome 38 is a new built-in automatic update mechanism. ย The auto update mechanism will update Chrome as and when Google releases fixes/patches as a part of its ever increasing security needs. ย If the browser is not updated when launched, it should move to the next build after a restart.
You can download the latest Chrome 38 stable version from here