Google pays record bounty for Chrome bug

From InfoWorld: Google patched 16 vulnerabilities in Chrome on Thursday, paying one researcher a record $3,133 for reporting a single bug. The flaws fixed in Chrome 8.0.552.334 were in several components, including the browser's support for extensions, its built-in PDF viewer, and CSS (cascade style sheet) processing.

Thirteen of the bugs were labeled as "high" threats, Google's second-most-serious rating, and two were pegged "medium." Only one was tagged as "critical."

As it always does, Google locked its bug tracking database to bar outsiders from reading the technical details of the just-patched vulnerabilities. The company usually opens access to a flaw later -- sometimes within weeks, often only after months -- to give users time to update before the information goes public.

Researcher Sergey Glazunov was credited with reporting the single critical vulnerability, described by Google as a "stale pointer in speech handling." A "stale pointer" is a bug in an application's memory allocation code.

Glazunov was the first researcher to take home Google's biggest bounty.

"We're delighted to offer our first 'elite' $3133.7 Chromium Security Reward to Sergey Glazunov," said Jason Kersey, a Chrome program manager, in a post to Chrome release blog.

View: Article @ Source Site