Google pays $10,000 to fix 10 high-risk Chrome flaws

Google has shelled out more than $10,000 in bounties for the latest batch of high-risk security vulnerabilities in its Chrome browser.

Google has shelled out more than $10,000 in bounties for the latest batch of high-risk security vulnerabilities in its Chrome browser.

The company released Google Chrome 5.0.375.127 with patches for 9 security holes and a workaround for a Windows kernel bug, paying $10,011 in rewards to the hackers who reported the issues.

The update is available for Windows, Mac and Linux.

[ Microsoft: No plans to pay for security vulnerabilities ]

Here are the details from Google's Jason Kersey:
follow Ryan Naraine on twitter
  • [$1337] [45400] Critical Memory corruption with file dialog. Credit to Sergey Glazunov.
  • [$500] [49596] High Memory corruption with SVGs. Credit to wushi of team509.
  • [$500] [49628] High Bad cast with text editing. Credit to wushi of team509.
  • [$1000] [49964] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
  • [$2000] [50515] [51835] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
  • [$1337] [50553] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
  • [51146] Medium Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
  • [$1000] [51654] High Memory corruption with Ruby support. Credit to kuzzcc.
  • [$1000] [51670] High Memory corruption with Geolocation support. Credit to kuzzcc.

An additional $1337 was paid to Marc Schoenefeld for helping with a security workaround for a Windows kernel bug [51070].

Google and Mozilla pay bounties for security vulnerabilities in its products.  Microsoft says it has no plans to pay hackers for reporting security problems.

ALSO SEE: No more free bugs.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All