Google is out this week with its biggest Chrome browser update in years. The Chrome 37 release now provides a supported build for Windows 64-bit systems and also provides the largest number of security fixes yet seen from Google.
Since Chrome was first released by Google back in 2008, support on Windows has been limited to 32 bit systems. What that has meant is that 64-bit Windows users have been forced to run the 32-bit version of Chrome, with limitations on performance and memory.
“64-bit Chrome offers many benefits for speed, stability and security,” Will Harris, Software Engineer at Google wrote in a blog post. “Our measurements have shown that the native 64-bit version of Chrome has improved speed on many of our graphics and media benchmarks.”
The security impact of 64-bit Chrome is particularly noteworthy as it can reduce the risk of memory related exploitation. With 64-bit support, Chrome includes a feature known as PartitionAlloc which is a form of defense for attacks that abuse memory allocation parameters.
Security is always a big part of any Chrome release and with Chrome 37, Google is providing its largest patch update in years. 50 security vulnerabilities in total are being patched and Google is paying researchers a total of $41,000 in security awards as part of the release.
The biggest award is a $30,000 amount being paid to a researcher only identified as “lokihardt@asrt”. The award is for a pair of vulnerabilities that could potentially lead to a remote code execution outside of the Google Chrome process sandbox.
Google also notes that it paid out a total of $8,000 in awards to researchers Collin Payne, Christoph Diehl, Sebastian Mauer, Atte Kettunen, and cloudfuzzer for reporting flaws during the development process of Chrome.
Going a step further, Google notes that its own internal security teams and code review efforts also found and fixed flaws. Many of those flaws were found with Google’s open-source AddressSanitizer technology which is a memory error detector.
Sean Michael Kerner is a senior editor at Datamation and InternetNews.com. Follow him on Twitter @TechJournalist
Photo courtesy of Shutterstock.