Google Boosts Security in Chrome 41

Google is paying out $52,000 in security awards as part of the new browser release.

Google is out with Chrome 41, providing users with new security updates, bug fixes and features for the widely used browser.

On the features side, Chrome 41 now supports a number of new web technologies, including JavaScript Template Literals. In a blog Google software engineer Erik Arvidsson explained that Template Literals adds string formatting into Javascript.

"The Javascript we know today lacks basic string formatting features, doesn't support multi-line strings, and makes it difficult to protect users from XSS (Cross Site Scripting) attacks when inserting user-generated content into pages," Arvidsson explained.

From a CSS (Cascading Style Sheet) perspective, Chrome 41 includes support for a number of new attributes, including 'image-rendering:pixelated'.

"The image-rendering property provides a hint to the user-agent about what aspects of an image are most important to preserve when the image is scaled," The W3C specifications page states.

The specification notes that with the pixelated attribute,"the image must be scaled with the 'nearest neighbor' or similar algorithm, to preserve a 'pixelated' look as the image changes in size."


As with all Chrome updates, security vulnerability fixes are major part of the Chrome 41 stable release. In Chrome 41, Google is fixing 51 different security vulnerabilities, 12 of which are rated as having high impact.

Six of the high impact vulnerabilities are use-after-free (UFA) memory errors and four of the high impact vulnerabilities are out-of-bound memory errors. One high-impact flaw is a type confusion flaw in Google v8's JavaScript engine.

Of the 51 vulnerabilities, 18 were reported to Google by third party researchers that were rewarded by Google for their efforts. In total, Google paid researchers $52,000 in awards, with the top single award being a $7,500 payment to a researcher identified by Google only as 'anonymous'. The anonymous researcher was awarded the $7,500 for CVE-2015-1212, which is one of the high-impact out-of-bounds memory flaws.

Google has been awarding security researcher since 2010, with rewards for responsibly disclosing flaws in Chrome. In 2014, Google reported that it paid out approximately $1.5 million awards to security researchers.

Sean Michael Kerner is a senior editor at Datamation and Follow him on Twitter @TechJournalist

Photo courtesy of Shutterstock.

Tags: Google, browser, Chrome, Security Concerns

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.