Chrome security: Google fixes three high-severity bugs, pays $20k in bounties
Google has released an update to the stable release of Chrome, which fixes five security bugs and brings the browser up to version 50.0.2661.102.
The new version addresses five vulnerabilities in Chrome for Windows, Mac and Linux, including three high-severity issues and two medium-severity issues.
Google this month also paid out $20,337 to bug hunters, most of which was scooped up by Polish security researcher Mariusz Mlynski, who netted $15,500 for reporting two of the high-severity bugs. These included same-origin bypasses in Chrome's Document Object Model (DOM) and V8 Blink bindings.
The other high-severity issue was a buffer overflow in Chrome's V8 JavaScript engine reported by Choongwoo Han, who earned $3,000 for his efforts, topping up a $5,000 bounty he received for a different bug in V8, which was fixed in last month's Chrome update.
Google pays security researchers each month for reporting bugs through the Chrome Reward Program. Since launching the program in 2010, it's paid out over $2.5m to researchers for reporting bugs in Chrome.
This Chrome update came just ahead of Adobe's monthly fix for Flash Player, which included a fix for a bug that was already being exploited in the wild. Flash Player ships with Chrome and is automatically updated to the latest patched version.
The two medium-severity bugs fixed in Chrome were a "race condition in loader" and a "directory traversal using the file scheme on Android". Google valued these bugs at $1,337 and $500 respectively.
As per Google's usual practice, it isn't releasing detailed information about the bugs until most Chrome users have updated their browser.