Only a couple of days after the last update of Google’s Chrome browser, another new version, 22.0.1229.94, has been released for Windows, Linux, and Mac OS X. This release fixes security flaws that make Chrome vulnerable to a specific exploit involving the rendering process for Scalable Vector Graphics (SVG) and Chrome’s inter-process communications. More details are available in the Release Announcement.
The exploit was discovered by a hacker who goes by the name “Pinkie Pie”, as part of Google’s second Pwnium contest. Google offers cash prizes to those who can demonstrate security vulnerabilities in its software; because this exploit attacked only code that is part of Chrome, Pinkie Pie was eligible for the top award of $60,000 and a Chromebook computer. Google software engineer Chris Evans has a blog post describing the exploit in more detail. Ars Technica also has an article on the exploit.
I think Google is to be commended for taking an active approach to improving the security of its software, by the Pwnium contests, and by its regular “bug bounty” program. They also deserve credit for developing a fix for this exploit in a matter of hours.