Chrome security: Google fixes three high-severity bugs, pays $20k in bounties

Google has squished five security bugs in its May update for Chrome 50, bumping the version up to 50.0.2661.102.

chrome770x377.jpg

Among the five vulnerabilities in Chrome addressed by the new version are three high-severity issues.

Image: Google

Google has released an update to the stable release of Chrome, which fixes five security bugs and brings the browser up to version 50.0.2661.102.

The new version addresses five vulnerabilities in Chrome for Windows, Mac and Linux, including three high-severity issues and two medium-severity issues.

Google this month also paid out $20,337 to bug hunters, most of which was scooped up by Polish security researcher Mariusz Mlynski, who netted $15,500 for reporting two of the high-severity bugs. These included same-origin bypasses in Chrome's Document Object Model (DOM) and V8 Blink bindings.

The other high-severity issue was a buffer overflow in Chrome's V8 JavaScript engine reported by Choongwoo Han, who earned $3,000 for his efforts, topping up a $5,000 bounty he received for a different bug in V8, which was fixed in last month's Chrome update.

Google pays security researchers each month for reporting bugs through the Chrome Reward Program. Since launching the program in 2010, it's paid out over $2.5m to researchers for reporting bugs in Chrome.

This Chrome update came just ahead of Adobe's monthly fix for Flash Player, which included a fix for a bug that was already being exploited in the wild. Flash Player ships with Chrome and is automatically updated to the latest patched version.

The two medium-severity bugs fixed in Chrome were a "race condition in loader" and a "directory traversal using the file scheme on Android". Google valued these bugs at $1,337 and $500 respectively.

As per Google's usual practice, it isn't releasing detailed information about the bugs until most Chrome users have updated their browser.

Read more on Google and Chrome