Google will pay out at least $59,000 to researchers for reporting dozens of security bugs found in Chrome version 70 and prior.
Google has released the stable version of Chrome 71 for Windows, Mac and Linux with 43 security fixes, including a patch for Site Isolation, an important feature for minimizing the risk of malicious websites using the Spectre flaws affecting CPUs from Intel, AMD, Arm and others.
Chrome 71 expands Google’s move against sites with “abusive experiences” that push Chrome users to sites they don’t want to visit. Previous approaches included a pop-up blocker and restricting autoplay videos, while last year’s efforts aimed to prevent surprise redirects through links and buttons on a site.
Chrome 71 closes an apparent loophole in Google’s previous clampdown by removing all ads on the fraction of sites with “persistent abusive experiences”.
Google was targeting ads of the type commonly used by tech support scams, such as ads displaying system warnings and bogus “close” buttons. Google decided to tackle ads after discovering that nearly all of the abusive experiences it was missing to date relied on bad ads.
Chrome 71 also cracks down on subscription pages that give users only vague information when they are entering their details. In November, Google said millions of Chrome users see mobile pages with poor information about subscriptions.
As of this version, Chrome will show a warning before users enter a page where billing information is required. The warnings target pages that allow users to subscribe by typing in their phone number, resulting in charges to the user’s mobile subscription.
The highest single payout was made for a medium-severity issue concerning “inappropriate implementation in Site Isolation”.