Google pays $10,000 to fix 10 high-risk Chrome flaws

Summary:Google has shelled out more than $10,000 in bounties for the latest batch of high-risk security vulnerabilities in its Chrome browser.

Google has shelled out more than $10,000 in bounties for the latest batch of high-risk security vulnerabilities in its Chrome browser.

The company released Google Chrome 5.0.375.127 with patches for 9 security holes and a workaround for a Windows kernel bug, paying $10,011 in rewards to the hackers who reported the issues.

The update is available for Windows, Mac and Linux.

[ Microsoft: No plans to pay for security vulnerabilities ]

Here are the details from Google's Jason Kersey:
follow Ryan Naraine on twitter
  • [$1337] [45400] Critical Memory corruption with file dialog. Credit to Sergey Glazunov.
  • [$500] [49596] High Memory corruption with SVGs. Credit to wushi of team509.
  • [$500] [49628] High Bad cast with text editing. Credit to wushi of team509.
  • [$1000] [49964] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
  • [$2000] [50515] [51835] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
  • [$1337] [50553] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
  • [51146] Medium Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
  • [$1000] [51654] High Memory corruption with Ruby support. Credit to kuzzcc.
  • [$1000] [51670] High Memory corruption with Geolocation support. Credit to kuzzcc.

An additional $1337 was paid to Marc Schoenefeld for helping with a security workaround for a Windows kernel bug [51070].

Google and Mozilla pay bounties for security vulnerabilities in its products.  Microsoft says it has no plans to pay hackers for reporting security problems.

ALSO SEE: No more free bugs.

Topics: Google, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.