Yesterday we brought you news that Google had paid out $60,000 to Russian university student Sergey Glazunov for finding a security flaw in their Chrome browser. Glazunov, a participant in Google’s Pwnium contest, used a sandbox bypass to hack the latest version of Chrome running on a fully up-to-date Windows 7 PC. Google had offered a $60,000 prize to the first participant to identify a “full Chrome exploit” in the contest. With Glazunov’s success, Google happily paid him the money.
And then they fixed the exploit. Less than 24 hours after Glazunov identified the exploit, Google had begun rolling out an updated version of Chrome that patched it. In a post on the Google Chrome release blog last night, Google offered their congratulations to Glazunov and said that the exploit – which involved “UXSS and bad history navigation” – had been fixed. They also said, however, that the full details of the security flaw would be withheld until the update had been installed by the majority of Chrome users.
Google’s Chrome browser has consistently gotten very high marks for its security, and has consistently fared far better than Microsoft’s Internet Explorer or Mozilla Firefox at the Pwn2Own hacking contest at the annual CanSecWest conference. Google has made a habit of rewarding those who are able to find security flaws in the software.
Of course, it goes without saying that if you’re a Chrome user, you should make sure you have the latest update as soon as possible. The latest version is 17.0.963.78.