Google Releases Chrome 6, Pays $4337 In Bounties 177
Trailrunner7 writes "Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome. Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team." (Read on for more, below.)
Also on the Chrome front, morsch writes "Chrome 7 for Linux is planned to tie in with the Gnome Keyring and the KDE Wallet to securely store saved browser passwords. Users of the stable version of Google's Webkit-based browser might be surprised to find out that, so far, passwords are stored on the hard disk as clear text. On Windows, Chrome has always used a platform-specific crypto API call for encrypted storage. The corresponding Linux function was never implemented — until now. Unstable versions of Chrome 7 still disable the feature by default; it can be enabled using a parameter."
$4337 in bounties? (Score:1, Interesting)
$ 4337 in bounties? So thats one real hard bug $ l337 and $ 3000 worth of bugs that the skript-kiddies could have got.
Print Preview? (Score:1, Interesting)
Version bloat (Score:3, Interesting)
Any reasion for the version-number bloat? I mean, I guess it looks a bit cooler next to IE 8, but I don't really think people are that naive.
Comment removed (Score:2, Interesting)
Re:$4,337 from a multi-billion dollar company? (Score:1, Interesting)
Re:Print Preview? (Score:4, Interesting)
Uhh...my Chromium 5 for Linux has print preview and proper flash support. And the same file download behavior as browsers like Firefox - I open a file the browser doesn't handle, it downloads to the folder I've specified for downloads. How is that a problem? As I said, it's the same thing Mozilla does. I don't _want_ a browser to just start deleting my downloads on it's own. If I tell it 'yes, download this file', that file should stay where it is until I decide to delete it.
Linux Logins (Score:5, Interesting)
Re:Crazy Article (Score:3, Interesting)
FWIW, they thanked members of the Chrome team a few months ago when they announced sandboxing support in an upcoming version of Acrobat Reader.
Implement your own secure storage strategy (Score:2, Interesting)
As a Linux application developer who has used keyring/kwallet for saving secure passwords in the past. I'd recommend not to use them.
Various different distributions have different versions of the these utilities and their libraries. There are so many variations that it becomes hard to support all versions. Most desktop linux end users have never used them and when they see a warning window popping up (which these utilities tend to show). They cancel the window rather than going through the authentication process.
Just my 2 cents.