Chrome 47 browser: Google pays out $105k in bug bounties, chops notification center

Google has rolled out its Chrome 47 web browser to stable channel users, offering 41 security fixes, 22 of which generated $105,000 in cash for security researchers.
Written by Liam Tung, Contributing Writer
The new Chrome 47 browser will do away will notifications.
Image: Google
Google has bumped the Chrome 47 browser up to the stable channel for Linux, Mac and Windows, bringing with it a host of security fixes and its expected removal of the notifications center.

Google flagged in October that it was rethinking notifications on the desktop and in the name of 'keeping it simple' would be removing the notifications center on all desktop platforms except for Chrome OS.

The other reason for its removal was that few people, in practice, used the feature that it introduced two years ago as a place to house notifications from Chrome apps and extensions.

The removal of the notifications center is part of a wider effort among Chrome developers to eliminate features that aren't used frequently and keep Chrome code as simple as possible.

Google hasn't revealed much about new features in Chrome 47 yet, although in a blog post detailing the browser's security fixes, it says more features will be revealed shortly on its Chrome and Chromium blogs.

While not all new features of Chrome 47 have been revealed, the list of security fixes should be enough to justify the update if users have intentionally turned off automatic updates in Chrome.

One feature that it has revealed is splash screens for web apps that are launched from the home screen on Android devices. The aim is to improve the experience of web apps in Chrome 47 on Android and give those apps a more polished look. Developers can learn more about that here.

According to Google, Chrome 47 includes 41 security fixes, though the company has detailed just 22 that were reported by external security researchers and qualified for payment under its vulnerability rewards program.

The largest single payout was $11,337 for a "high severity" use-after-free issue in AppCache.

Google offers round number payments for bugs, for example, $10,000 for a sandbox escape with a high-quality report, but it will also pay up to $1,337 if the researcher provides a well-written patch.

That payment went to an anonymous researcher, as did two more $10,000 payouts for similarly critical issues in AppCache.

In total, Google lists 13 high-severity bugs that have been fixed, six medium severity issues and three low-severity ones.

The 22 bugs for which Google has listed a payout amounted to a total of just over $105,000 for Chrome 47.

It also listed two more bug fixes that its internal teams developed, which included multiple vulnerabilities in Chrome's V8 JavaScript engine. Additional security fixes were also delivered to Chrome 47 before it reached the stable channel.

Read more about Google Chrome

Editorial standards