back to article Chrome patches up after double dose of CanSecWest pwnage

Google has released a patch a day after Sergey Glazunov hacked its browser with a pair of zero-day flaws. The update covers Windows, Mac OS X, Linux and Chromium OS. Google's Chrome fell to two separate attacks on Wednesday evening, both based on previously unknown vulnerabilities during competitions at the CanSecWest …

COMMENTS

This topic is closed for new posts.
  1. David 39
    Pint

    Dirty Hackers

    No 5k1p7 k1ddi35 h3r3 plz keep moving kthkxbai.

  2. richard 7

    But...

    I seem to remeber Google saying this couldnt happen.

    1. dotdavid
      FAIL

      Re: But...

      "I seem to remeber Google saying this couldnt happen."

      Google may have its' faults, but I'm pretty sure they're not stupid enough to say something that literally no-one in IT would believe.

    2. AndrueC Silver badge
      Joke

      Re: But...

      >I seem to remeber Google saying this couldnt happen.

      I think your memory has been hacked. You might want to check your security.

  3. Adam Trickett
    Linux

    All software has bugs!

    All software has bugs!

    No matter what you have you need to patch and regularly and even then you may still be vulnerable, so be careful out there.

    Good that Google have patched already.

    1. sabroni Silver badge

      Good that Google have patched already...

      but does make me wonder how thoroughly that patch has been tested...

      1. admiraljkb

        Re: Good that Google have patched already...

        Yeah. Depends on what the code to fix said defect touched, the complexity and how well the code is understood and documented ahead of time. But targeted automated testing on something like a browser *should* be able to run pretty quick. The fact it did get out so quick, combined with the compliments towards Chrome code from Vupen which just got through hacking it leads me to believe the code is fairly well done though.

        I do appreciate they were able to get that patch out this quickly and not leave this hole out there. There are others where it would have taken at least a month to get a fix out.

        1. Anonymous Coward
          Anonymous Coward

          Re: at least a month

          ... years ... never ...

  4. Anonymous Coward
    Anonymous Coward

    Prize money.

    "Google also tosses out bundles of cash ranging from $500 to $1,337"

    That's a 1337 amount of cash

    1. The Baron
      Happy

      Re: Prize money.

      Obvious correlation is obvious?

    2. Anonymous Coward
      Anonymous Coward

      Re: Prize money.

      Nicely done: Posted Friday 9th March 2012 13:37 GMT

    3. Anonymous Coward
      Anonymous Coward

      Re: Prize money.

      And saves them having to pay their own employees proper money to fix them properly.

  5. Surreal
    Pint

    Refreshing

    I applaud Google for mingling with the security community*, paying real money to researchers, and working toward a more secure platform. Seems cost-effective, a P.R. win, and much more clever than, say, declaring that one's steenky database line is "Unbreakable!". I still get the giggles from that one.

    * sounds more dignified than "drunken aspies in black tshirts".

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020