Google has released a new stable version of its popular web browser Chrome, in the process it has paid out $10,000 to security researchers who helped find security flaws in the software. Google pays rewards to independent security researchers who dig into Chromium (the open source version of Chrome) and attempt to find security vulnerabilities. These vulnerabilities are often memory issues like use-after-free errors or memory corruptions that could be exploited by hackers to execute arbitrary code on the machine running the browser.
The latest release includes 14 security fixes, two of which received rewards from Google. The rewards are as follows:
- [$1000]High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG.
- [$3000]High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 184.108.40.206. Credit to Christian Holler.
However the reward payouts didn’t stop there. As part of the release announcement for Google Chrome 32.0.1700.102 the search giant also thanked cloudfuzzer and miaubiz for helping out during the latest development cycle to prevent security bugs from entering into a stable release. For their efforts Google paid out an additional $6000, making the total pay out $10,000 for this release.
“We would also like to thank cloudfuzzer and miaubiz for working with us during the development cycle to prevent security bugs from ever reaching the stable channel,” said Karen Grunberg and Daniel Xie on the Chrome release blog.
Google also fixed a number of non-security related bugs including problems where Chrome became unresponive and broken scrolling on in combo boxes.
Chrome can be downloaded from http://google.com/chrome and is available for Windows, Mac and Linux.