Google pays record bounty for Chrome bug
Patches 16 browser bugs, including one that earns researcher $3,133
Computerworld - Google patched 16 vulnerabilities in Chrome on Thursday, and it paid one researcher a record $3,133 for reporting a single bug.
The flaws fixed in Chrome 8.0.552.334 were in several components, including the browser's support for extensions, its built-in PDF viewer, and the way it processes cascading style sheets (CSS).
Thirteen of the bugs were labeled as "high" threats, Google's second-most-serious rating, and two were pegged "medium." Only one was tagged as "critical," the company's highest threat rating.
As it always does, Google locked its bug tracking database to bar outsiders from reading the technical details of the just-patched vulnerabilities. The company usually opens access to a flaw later -- sometimes within weeks, often only after months -- to give users time to update before the information goes public.
Researcher Sergey Glazunov was credited with reporting the single critical vulnerability, described by Google as a "stale pointer in speech handling." A "stale pointer" is a bug in an application's memory allocation code.
Glazunov was the first researcher to take home Google's biggest bounty.
"We're delighted to offer our first 'elite' $3133.70 Chromium Security Reward to Sergey Glazunov," said Jason Kersey, a Chrome program manager, in a post to Google's Chrome release blog.
Last July, Google raised its top dollar payout for bug discoveries from $1,337 to $3,133, making the move less than a week after rival Mozilla boosted Firefox bug bounties to $3,000.
Wednesday was also the first time that Google has classified a bug as critical since the debut of the higher bounty; only critical vulnerabilities are eligible for the $3,133 reward.
Altogether, Google paid Glazunov $7,470 for reporting five of the 16 flaws. Google wrote checks totaling more than $14,000 to Glazunov and others for their work.
Yesterday's patch collection was the third since Google updated the stable edition of Chrome to Version 8 in early December.
According to the newest statistics from Internet metrics company Net Applications, Chrome accounted for a record 10% of browsers in use last month.
Chrome 8 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Desktop Apps in Computerworld's Desktop Apps Topic Center.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- HTTP Status Code Cheat Sheet Look at the Graph, Find the Code and Boom - You're Solving Problems. Identifying and understanding common HTTP status codes can go a...
- Architects lead the next generation of data-driven applications Read this whitepaper to find out how application architects can quickly and confidently deliver long-lasting applications that minimize cost, complexity, and risk while...
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the... All Desktop Apps White Papers | Webcasts