Dirty Hackers
No 5k1p7 k1ddi35 h3r3 plz keep moving kthkxbai.
Google has released a patch a day after Sergey Glazunov hacked its browser with a pair of zero-day flaws. The update covers Windows, Mac OS X, Linux and Chromium OS. Google's Chrome fell to two separate attacks on Wednesday evening, both based on previously unknown vulnerabilities during competitions at the CanSecWest …
Yeah. Depends on what the code to fix said defect touched, the complexity and how well the code is understood and documented ahead of time. But targeted automated testing on something like a browser *should* be able to run pretty quick. The fact it did get out so quick, combined with the compliments towards Chrome code from Vupen which just got through hacking it leads me to believe the code is fairly well done though.
I do appreciate they were able to get that patch out this quickly and not leave this hole out there. There are others where it would have taken at least a month to get a fix out.
I applaud Google for mingling with the security community*, paying real money to researchers, and working toward a more secure platform. Seems cost-effective, a P.R. win, and much more clever than, say, declaring that one's steenky database line is "Unbreakable!". I still get the giggles from that one.
* sounds more dignified than "drunken aspies in black tshirts".