Google on Tuesday released Chrome 19, patched 20 vulnerabilities in the browser, and doled out $16,500 in bug bounties and rewards to independent researchers.
Chrome 19’s most obvious change is the new support for tab synchronization. Like the already available bookmark, password, app and extension sync, open tabs will now be kept in step on all copies of Chrome, on multiple platforms, (including Android) that are linked to the same Google account.
Although Chrome 19 supports the feature, synchronization will not be enabled for all users immediately, said Raz Mathias, a Chrome software engineer. “The tab sync feature will be rolled out gradually over the coming weeks, Mathias said in a Tuesday blog.
Chrome is not breaking ground here.
Mozilla has had tab sync since Firefox 4, which shipped more than a year ago, and third-party extensions, like Xmarks, sync open tabs across browsers from different vendors.
Chrome was last upgraded seven weeks ago. Google releases a new “stable” version about every six to eight weeks and has been on a slightly slower schedule recently than rival Mozilla’s strict every-six-weeks tempo.
Chrome 19 also includes patches for 20 security vulnerabilities: Eight were ranked “high,” Google’s second-most-serious threat rating, seven were marked “medium,” and five were labeled “low.”
Seven of the vulnerabilities were described in Google’s brief advisory as “out-of-bounds” read or write flaws, a category of memory bugs where a function does not check that input doesn’t exceed allocated buffers.
Google paid $7,500 in bounties to six researchers for reporting nine vulnerabilities, including two that were not strictly within Chrome. One of the latter was a bug in a Linux Nvidia driver, for example.
The 11 remaining bugs were uncovered by Google’s own security team or were credited to Microsoft, or were not significant enough to rate a bounty.
Google also handed over an additional $9,000 to half-a-dozen researchers, some of whom collected other cash rewards, for reporting bugs that were patched by Google earlier in Chrome 19’s development process.
So far this year, Google has paid more than $230,000 to outside researchers for submitting Chrome vulnerabilities. More than half of that—$120,000—was laid out in March at “Pwnium,” a Google-sponsored hacking challenge.
Tuesday’s update was the 13th this year that patched one or more vulnerabilities.
According to the latest figures from metric company Net Applications, Chrome has a usage share of about 19%. Irish measurement firm StatCounter, on the other hand, pegged Chrome’s share for April at 31%.
Chrome 19 can be downloaded for Windows, Mac OS X and Linux from Google’s website. The browser is updated automatically through its silent service.