msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

07 Mar 12 Google Chrome 17 Bug Hunt Nets Researchers $47,500


Chrome 17 has
proven to be quite expensive for Google (NASDAQ:GOOG). The search giant on
March 4 said it just paid $47,500 in bug bounties and bonuses to reward researchers
who helped find flaws in the browser’s stable channel update.

That’s a substantial hike from the stable build’s initial
launch
Feb. 8, when Google paid $10,500 to researchers who found 20
flaws of various severity. The company has now paid out $58,000 for security
issues related to Chrome 17, easily the most expensive browser launch from the
company.

The latest
update—17.0.963.65—fixes several issues, including cursors, plug-ins and
backgrounds that fail to load and Websites that break when touch controls are
used. Google also included the latest Adobe Flash player 11.1 build. 

Google also
paid $10,000 apiece for three special bugs. Showing its sense of humor, the
Chrome security team described the flaws as “excessive Webkit
fzzing,” an “awesome variety of fuzz targets,” and
“significant pain inflicted upon” Scalable Vector Graphics (SVG).

The team also
explained why it paid $10,000 at a time when it pays roughly $1,000 for an
average bug detection.

“We have
always reserved the right to arbitrarily reward sustained, extraordinary
contributions,” wrote Jason Kersey of the Chrome Security team,
in a corporate blog post. “In this instance, we’re dropping a surprise
bonus. We reserve the right to do so again and reserve the right to do so on a
more regular basis!”

In addition to
the $30,000 for the three special bugs, Google also paid $17,500 for 14 more
flaws, most of which were of the “use after free” persuasion.

 Google
has paid more than $700,000 to researchers who have detected hundreds of bugs
in its Chrome browser since the company launched the program in January 2010.

That number is
set to more than double at CanSecWest in Vancouver, B.C., where Google will
offer up to $1 million in rewards for Chrome exploits at the Pwn2Own hacking
contest this week.

The payouts
include $60,000 for a full Chrome exploit covering user account persistence
using only bugs in Chrome.

Google is offering $40,000 for partial Chrome exploits
covering
persistence using at least one bug in Chrome itself, and
other bugs, such as a WebKit bug, combined with a Windows sandbox bug. The
company is further paying $20,000 for consolation awards.



Article source: http://www.eweek.com/c/a/Security/Google-Chrome-17-Bug-Hunt-Nets-Researchers-47500-615234/

Tags: , , ,

Comments are closed.