We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google pays record bounty for Chrome bug

Patches 16 browser bugs, including one that earns researcher $3,133

Google has patched 16 vulnerabilities in Chrome, including one that netted the researcher who reported it a record $3,133.

The flaws fixed in Chrome 8.0.552.334 were in several components, including the browser's support for extensions, its built-in PDF viewer, and CSS (cascade style sheet) processing.

Thirteen of the bugs were labelled as 'high' threats, Google's second-most-serious rating, and two were pegged 'medium'. Only one was tagged as 'critica'l"

As it always does, Google locked its bug tracking database to bar outsiders from reading the technical details of the just-patched vulnerabilities. The company usually opens access to a flaw later - sometimes within weeks, often only after months - to give users time to update before the information goes public.

Researcher Sergey Glazunov was credited with reporting the single critical vulnerability, described by Google as a "stale pointer in speech handling." A 'stale pointer' is a bug in an application's memory allocation code.

Glazunov was the first researcher to take home Google's biggest bounty.

"We're delighted to offer our first 'elite' $3133.7 Chromium Security Reward to Sergey Glazunov," said Jason Kersey, a Chrome program manager, in a post to Chrome release blog.

Last July, Google raised its top payout from $1,337 to $3,133, making the move less than a week after rival Mozilla boosted Firefox bug bounties to $3,000.

This is the first time that Google has classified a bug as critical since the debut of the higher bounty; only critical vulnerabilities are eligible for the $3,133 reward.

Altogether, Google paid Glazunov $7,470 for reporting five of the 16 flaws. Google cut checks totaling more than $14,000 to Glazunov and others for their work.

The new patch collection was the third since Google updated the stable edition of Chrome to version 8 in early December.

According to the newest statistics from internet metrics company Net Applications, Chrome accounted for a record 10 percent usage share last month.

Chrome 8 can be downloaded for Windows, Mac OS X and Linux from Google's website. Users already running the browser will be updated automatically.

See also: 9 Google downloads to improve Chrome, Gmail and more


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia