December 5, 2016

Google Pays Out $10,000 to Make Latest Version of Chrome Secure

(LiveHacking.Com) – Google has released the latest version of Chrome (14.0.835.202) with Adobe Flash Player 11 and $10,000 worth of security fixes. Google has been running its Chromium Security Rewards program for quite some time now and has quashed hundreds of security-related bugs thanks to contributions from coders all over the world.

Some of these contributors have become semi-famous, and one in particular has a long-standing record of finding security-related bugs in Chrome. His name is Sergey Glazunov, and with this release Google paid him over $8000 for finding three different bugs, one of which earned him $4500 alone.

The security bugs killed in this version include:

  • [$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.

Note that the referenced bugs are kept private by Google until a majority of Chrome users have updated.