Google pays $10,000 to fix 10 high-risk Chrome flaws

[nsane.forums]

Google has shelled out more than $10,000 in bounties for the latest batch of high-risk security vulnerabilities in its Chrome browser. The company released Google Chrome 5.0.375.127 with patches for 9 security holes and a workaround for a Windows kernel bug, paying $10,011 in rewards to the hackers who reported the issues.

The update is available for Windows, Mac and Linux.

Here are the details from Google’s Jason Kersey:

• [$1337] [45400] Critical Memory corruption with file dialog. Credit to Sergey Glazunov.
• [$500] [49596] High Memory corruption with SVGs. Credit to wushi of team509.
• [$500] [49628] High Bad cast with text editing. Credit to wushi of team509.
• [$1000] [49964] High Possible address bar spoofing with history bug. Credit to Mike Taylor.
• [$2000] [50515] [51835] High Memory corruption in MIME type handling. Credit to Sergey Glazunov.
• [$1337] [50553] Critical Crash on shutdown due to notifications bug. Credit to Sergey Glazunov.
• [51146] Medium Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen.
• [$1000] [51654] High Memory corruption with Ruby support. Credit to kuzzcc.
• [$1000] [51670] High Memory corruption with Geolocation support. Credit to kuzzcc.

An additional $1337 was paid to Marc Schoenefeld for helping with a security workaround for a Windows kernel bug [51070].

Google and Mozilla pay bounties for security vulnerabilities in its products. Microsoft says it has no plans to pay hackers for reporting security problems.

View: Original Article

[Ferocity]

$1337 :lol:

[Atasas]

$1337 :lol:

Ditto!

[Lite]

Pays well to find software bugs, no? :fear:

[shought]

@Lite

I found a bug in your firmware, what are you going to pay me?

(Note: first time I make a 'Lite-is-a-bot'-joke :rolleyes:)

[Night Owl]

Good thing I upgraded to 5.0.375.127 today. :)