Google Pays Almost $40,000 for Security Bug Reports in Chrome 43

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
The list of security flaws includes a total of 37 entries
External security researchers who contributed to Chrome browser’s increased security received $38,337 / €34,550 from Google for responsible disclosure of bugs fixed in version 43 of the browser.

The list of vulnerabilities addressed by the developers is 37 entries long, and six of them are marked as having a high severity risk.

Not all high severity risks were paid
The highest paid glitch was a sandbox escape, now identified as CVE-2015-1252, reported by a researcher who chose to remain anonymous, and who received a bounty of $16,337 / €14,700.

A cross-origin bypass in DOM (Document Object Model), tracked as CVE-2015-1253, is next on the payment ladder, deemed by Google to be worth a $7,500 / €6,750 check, also awarded to someone preferring to keep their identity secret; it could be that the two bugs were reported by one person, but there is no information to support this theory.

Another high severity issue (CVE-2015-1251) was disclosed by SkyLined working with HP's Zero Day Initiative, who discovered a use-after-free in the Speech component in Chrome, responsible for translating the audio commands from the user. However, in this case there was no monetary recognition.

The list of the most severe security flaws is completed with three more entries, two use-after-free (in SVG and WebAudio) and another cross-origin bypass in the browser’s Editing component. The last two were rewarded with $3,000 / €2,700 each, while the first one received $2,000 / €1,800.


Read more: http://news.softpedia.com/news/Goog...ecurity-Bug-Reports-in-Chrome-43-481756.shtml
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top