
Google Releases Chrome 6, Pays $4337 In Bounties

Trailrunner7 writes "Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome. Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team." (Read on for more, below.)
Also on the Chrome front, morsch writes "Chrome 7 for Linux is planned to tie in with the Gnome Keyring and the KDE Wallet to securely store saved browser passwords. Users of the stable version of Google's Webkit-based browser might be surprised to find out that, so far, passwords are stored on the hard disk as clear text. On Windows, Chrome has always used a platform-specific crypto API call for encrypted storage. The corresponding Linux function was never implemented — until now. Unstable versions of Chrome 7 still disable the feature by default; it can be enabled using a parameter."

  • by Netshroud ( 1856624 ) on Friday September 03, 2010 @12:04AM (#33461318)
    Chrome already uses the Keyring... at least it does for me.
  • Re:Version bloat (Score:4, Informative)

    by rezonat0r ( 409674 ) on Friday September 03, 2010 @12:08AM (#33461354)
    I'm guessing you missed their highly re-reported blog post [chromium.org] regarding the new release schedule.
  • Re:Print Preview? (Score:5, Informative)

    by Anonymous Coward on Friday September 03, 2010 @12:16AM (#33461402)

    no, no and yes

  • by LingNoi ( 1066278 ) on Friday September 03, 2010 @12:29AM (#33461478)

    Since you're not going to RTFA or even the summary, I'll repost it here.

    includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team.

    The new release of Chrome also fixes an older bug, a Windows kernel flaw, that Google had thought it fixed in a previous version. The highest bug bounty, $1337, was paid for an integer error in WebSockets found by Keith Campbell. A second high-priority flaw, a sandbox parameter deserialization error, was discovered by two members of Adobe's Reader Sandbox Team.

  • by blai ( 1380673 ) on Friday September 03, 2010 @12:44AM (#33461540)
    tl;dr
  • by Tubal-Cain ( 1289912 ) on Friday September 03, 2010 @01:15AM (#33461636) Journal
    Mozilla also pays bug bounties.
  • Re:Version bloat (Score:2, Informative)

    by Tubal-Cain ( 1289912 ) on Friday September 03, 2010 @01:22AM (#33461648) Journal
    Firefox is older than Safari (OK, so it was Phoenix at the time...) and is only at 3.x or 4.0 (beta)
  • by Bill, Shooter of Bul ( 629286 ) on Friday September 03, 2010 @01:28AM (#33461660) Journal

    We've never paid based on the actual value of services. In a free economy, prices should be set by the supply and demand. Even if the demand for a service is great, the price may still be incredibly low due to high supply. Like water. Can't quite live without it. What kind of value does that bring to you? More or less than a huge flat screen tv. Less?? But isn't water more valuable to you??!!!

    Explaining the economics of game shows is a bit too much for me at this hour. Safe to say, the contestants aren't paid a bunch because they are rare. It's not a free market.

    And I'll just end by pointing out you're presenting a false choice. Most people would decide to pay many regular workers significantly more, rather than pay a few game show contestants more. It's not their choice, and it's not anyone's choice.

  • by Anonymous Coward on Friday September 03, 2010 @02:03AM (#33461792)

    I've just confirmed the above, and it's the same on other Linux distros, not only on Ubuntu.

    I hope this is some dreadful oversight! An application of Chrome's stature cannot be storing passwords in the clear by design, surely ...

  • by Anonymous Coward on Friday September 03, 2010 @03:01AM (#33462012)

    > Do Flash videos play the audio correctly?
    Yes. The video on the other hand, as in all browsers, is a different story. We're still waiting for the fix from Adobe. In the meantime, you can use the following user script:
    ----(start of file)----
    // ==UserScript==
    // @name YouTubeWMP
    // @version 1.0
    // @description Replaces Flash player with WMP in YouTube.
    // @run-at document-start
    // @include http://www.youtube.com/*
    // ==/UserScript==

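    // Find the Flash player and extract the stream URL from its flashvars.
    var flp = document.getElementById("movie_player");
    var m = flp && (flp.getAttribute("flashvars") || "").match(/&fmt_url_map=[^&]*%7C([^&]*)/);
    if (m) {
        // Build the replacement through the DOM so the decoded URL is never parsed as markup.
        var wmp = document.createElement("embed");
        wmp.setAttribute("type", "application/x-mplayer2");
        wmp.setAttribute("width", flp.width);
        wmp.setAttribute("height", flp.height);
        wmp.setAttribute("src", decodeURIComponent(m[1]));
        wmp.setAttribute("autostart", "true");
        wmp.setAttribute("autosize", "-1");
        flp.parentNode.replaceChild(wmp, flp);
    }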
    ----(end of file)----
    This script is for YouTube, you can make similar ones for other sites easily. Just use the resources panel in the developer tools to figure out where to get the link to the flv stream.

  • Re:Print Preview? (Score:3, Informative)

    by dakameleon ( 1126377 ) on Friday September 03, 2010 @03:10AM (#33462032)

    I think the behaviour being asked for above is the "open with" behaviour common on other browsers, where the file is downloaded to a temporary folder (e.g. $WINUSER$\Local Settings\Temp for Windows) for use by an application selected right from the download dialog. The temp folder can be cleaned up by the browser at a random date in future, or more often than not just sits there until someone decides to clean it out.

    This just means the file is out-of-sight out-of-mind for a one-time-use scenario and the user doesn't need to concern themselves with file management post-use.

    (Some might say this goes hand-in-hand with private browsing modes. You wait til you're cleaning out a Temp folder for a friend of a friend and notice the number of 30 second video clips...)

  • Re:Linux Logins (Score:2, Informative)

    by Zixaphir ( 845917 ) <Jinira AT hotmail DOT com> on Friday September 03, 2010 @03:12AM (#33462044) Homepage
    wtf is /home/username? In my days, we communicated home as "~/". You can read it as tilde slash or even tilde slash dot, but it doesn't matter. ~ sweet ~.
  • by selven ( 1556643 ) on Friday September 03, 2010 @03:37AM (#33462128)

    Some kind of encryption as obfuscation, DRM-style, is still better than just plain text. One of the tricks used by people who steal hard drives is to try every possible chain of subsequent bits as a password. It's only at most a few trillion tries (less than brute-forcing an 8-char alphanumeric password, and quite feasible with a botnet or a few days of time), and often as few as a few billion, but it gets passwords right quite often. Encryption would defeat this attack.

  • by VincenzoRomano ( 881055 ) on Friday September 03, 2010 @03:47AM (#33462180) Homepage Journal
    At least the Linux version for x86_64.
    Try it [acidtests.org]
