Chrome 22 Patches Over 40 Security Flaws

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Google recently announced the release of Chrome 22, which includes fixes for 42 vulnerabilities.

"Google's reward program for the responsible disclosure of vulnerabilities in the company's assets is obviously a great success for Google, but also for independent vulnerability hunters such as Sergey Glazunov, who has been one of the [greatest] contributors since the start of the bug bounty program in 2010," Help Net Security reports. "This time he managed to earn himself $15,000 for two high-severity universal cross-site scripting bugs in frame handling ($10,000) and in Chrome's V8 engine ($5,000)."

"Glazunov was one of two security researchers who hacked Chrome at Google's inaugural 'Pwnium' contest last March," writes Computerworld's Gregg Keizer. "That feat earned him $60,000. With Tuesday's $15,000 check, Glazunov has taken home nearly $80,000 for his research efforts this year."

"Typically, Google's top reward for security researchers is $3133.70, but the company's security team recently announced that it would be giving out some higher rewards in special cases, such as when researchers find a bug that's outside of Chrome or when the vulnerability is particularly severe," writes Threatpost's Dennis Fisher. "For Glazunov, a regular beneficiary of Google's bug-bounty largess, this has already turned out to be a boon. Google also handed out a second $5,000 reward, this one to Eetu Luodemaa and Joni Vahamaki for a memory-corruption bug in the Windows kernel."

"In all, Google paid out a record $29,500 to security researchers for discovering and reporting these holes as part of its Chromium Security Vulnerability Rewards program; the previous record was $26,511 for holes closed in Chrome 15 from October of last year," The H Security reports.