Chrome 22 Patches Over 40 Security Flaws
Google paid out $29,500 to researchers for uncovering the vulnerabilities.
"Google's reward program for the responsible disclosure of vulnerabilities in the company's assets is obviously a great success for Google, but also for independent vulnerability hunters such as Sergey Glazunov, who has been one of the [greatest] contributors since the start of the bug bounty program in 2010," Help Net Security reports. "This time he managed to earn himself $15,000 for two high-severity universal cross-site scripting bugs in frame handling ($10,000) and in Chrome's V8 engine ($5,000)."
"Glazunov was one of two security researchers who hacked Chrome at Google's inaugural 'Pwnium' contest last March," writes Computerworld's Gregg Keizer. "That feat earned him $60,000. With Tuesday's $15,000 check, Glazunov has taken home nearly $80,000 for his research efforts this year."
"Typically, Google's top reward for security researchers is $3133.70, but the company's security team recently announced that it would be giving out some higher rewards in special cases, such as when researchers find a bug that's outside of Chrome or when the vulnerability is particularly severe," writes Threatpost's Dennis Fisher. "For Glazunov, a regular beneficiary of Google's bug-bounty largess, this has already turned out to be a boon. Google also handed out a second $5,000 reward, this one to Eetu Luodemaa and Joni Vahamaki for a memory-corruption bug in the Windows kernel."
"In all, Google paid out a record $29,500 to security researchers for discovering and reporting these holes as part of its Chromium Security Vulnerability Rewards program; the previous record was $26,511 for holes closed in Chrome 15 from October of last year," The H Security reports.