Google has released Chrome 9.0.597.107 for all platforms with a total of 19 security fixes, which cost Google $14,000 under its Chromium Security Rewards program. To date, Google has given away over $100,000 to ethical hackers who have found and reported security issues with Google’s browser.
The success of the Chrome rewards program led Google to launch a similar program for its Web services back in November. It covers XSS, CSRF, XSSI and other types of vulnerabilities.
Of the 19 fixes to Chrome, 16 were considered high priority by Google, including a “URL bar spoof”. The details of the fixes haven’t yet been made public, as Google restricts access to the fix details until “the majority of Chrome users have updated to the latest patched version.”
Google isn’t the only one who has been updating its software. Mozilla has released a new version of its email client Thunderbird. According to its web site, Thunderbird 3.1.8 contains several fixes to improve performance, stability and security. The improved stability includes a fix for a crash caused by a corrupted JPEG image.
UPDATE: Mozilla has also released Firefox 3.5.17 with several security-related fixes, including a fix for CVE-2010-3777, a vulnerability which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.