The list of security flaws includes a total of 37 entries
External security researchers who contributed to Chrome browser’s increased security received $38,337 / €34,550 from Google for responsible disclosure of bugs fixed in version 43 of the browser.
The list of vulnerabilities addressed by the developers is 37 entries long, and six of them are marked as having a high severity risk.
Not all high severity risks were paid
The highest paid glitch was a sandbox escape, now identified as CVE-2015-1252, reported by a researcher who chose to remain anonymous, and who received a bounty of $16,337 / €14,700.
A cross-origin bypass in DOM (Document Object Model), tracked as CVE-2015-1253, is next on the payment ladder, deemed by Google to be worth a $7,500 / €6,750 check, also awarded to someone preferring to keep their identity secret; it could be that the two bugs were reported by one person, but there is no information to support this theory.
Another high severity issue (CVE-2015-1251) was disclosed by SkyLined working with HP's Zero Day Initiative, who discovered a use-after-free in the Speech component in Chrome, responsible for translating the audio commands from the user. However, in this case there was no monetary recognition.
The list of the most severe security flaws is completed with three more entries: two use-after-free flaws (in SVG and WebAudio) and another cross-origin bypass in the browser’s Editing component. The last two were rewarded with $3,000 / €2,700 each, while the first one received $2,000 / €1,800.
Read more: http://news.softpedia.com/news/Goog...ecurity-Bug-Reports-in-Chrome-43-481756.shtml