January 13, 2011, 9:03AM
Google Release Chrome 8.0.552, Pays $14,000 in Bug Bounties
Comment 
Google has released version 8.0.552.237 of its Chrome browser, which includes fixes for 16 security vulnerabilities. The company also paid out more than $14,000 in bug bounties for the flaws fixed in this release, including the first maximum reward of $3133.7.
The new version of Google Chrome has fixes for 13 high-priority bugs, but the most serious vulnerability the company repaired in the browser is a critical flaw resulting from a stale pointer in the speech handling component of Chrome. That flaw, along with four others, was discovered by researcher Sergey Glazunov, who earned a total of more than $7,000 in rewards for the bugs he reported to Google.
"We’re delighted to offer our first “elite” $3133.7 Chromium Security Reward to Sergey Glazunov. Critical bugs are harder to come by in Chrome, but Sergey has done it. Sergey also collects a $1337 reward and several other rewards at the same time, so congratulations Sergey!," Google said in its release notes for Chrome.
Editor's Pick
Google has said that the top payment in its program is typically going to be reserved for critical bugs that break out of the sandbox in Chrome.
It's been nearly a year since Google started the bug bounty program for researchers. The company announced last February that it would begin paying researchers for bugs in Chromium that are reported directly to Google. At the time, the base reward was $500 and the top payment was $1337, and the program only applied to flaws found in Chromium or Chrome. The company has expanded the program since then to apply to its Web properties and also has upped the top payment for vulnerabilities to $3133.7.
Google's program has attracted quite a bit of attention and many researchers have benefited from the payments the company doles out. Since its inception last year, Google has paid out tens of thousands of dollars in rewards. Google's program followed on the heels of one started earlier by Mozilla and the two companies have gone back and forth on bug prices, raising the bounties from time to time.
Currently, Google's reward of $3133.7 is the highest payment from a vendor, with Mozilla paying a maximum amount of $3,000. Other companies have followed suit in the bug bounty game, with Barracuda Networks launching a similar program in November.
Commenting on this Article is closed.
Today's Most Popular
- Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops
- Dear Jailbreaker, Apple Wants to Have a Word with You
- ZTE Score M Android Phone Found to Have Backdoor Installed
- OPINION: Are Anonymous Members Forged in the Crucible of IT Compliance?
- New P2P Zeus Variant Targets Popular Sites with Bogus Offers
Most Commented Stories
-
Defense Contractor Northrop Grumman Hiring For Offensive Cyber Ops (5)
-
Spammers Targeting Pinterest Using Point-And-Click Tools (1)
-
White House Security Czar Howard Schmidt Retiring (3)
-
Hijacked Web Sites Among The Most Visited On Google's Black List (2)
-
New P2P Zeus Variant Targets Popular Sites with Bogus Offers (1)
Newsletter Sign-up
Take Our Poll
The Internet Crime Complaint Center recently warned of malware targeting travelers connecting to Wi-Fi. When traveling, do you
Connect to anything
22%
Only connect to password-protected, secure connections
37%
Only use websites with HTTPS
27%
I don’t pay attention to how I access the internet while traveling
14%
Total votes: 59
Follow Threatpost
 |  |  |  |
| Tumblr |
