The company released Google Chrome 5.0.375.127 with patches for 9 security holes and a workaround for a Windows kernel bug, paying $10,011 in rewards to the hackers who reported the issues.
The update is available for Windows, Mac and Linux.
[ Microsoft: No plans to pay for security vulnerabilities ]
Here are the details from Google's Jason Kersey:
- [$1337] [45400] Critical Memory corruption with file dialog. Credit to Sergey Glazunov.
- [$500] [49596] High Memory corruption with SVGs. Credit to wushi of team509.
- [$500] [49628] High Bad cast with text editing. Credit to wushi of team509.
- [$1000] [49964] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
- [$2000] [50515] [51835] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
- [$1337] [50553] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
- [51146] Medium Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
- [$1000] [51654] High Memory corruption with Ruby support. Credit to kuzzcc.
- [$1000] [51670] High Memory corruption with Geolocation support. Credit to kuzzcc.
An additional $1337 was paid to Marc Schoenefeld for helping with a security workaround for a Windows kernel bug [51070].
Google and Mozilla pay bounties for security vulnerabilities in its products. Microsoft says it has no plans to pay hackers for reporting security problems.
ALSO SEE: No more free bugs.
Join Discussion