msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

07 Mar 12 Google Chrome 17 Bug Hunt Nets Researchers $47,500


Chrome 17 has
proven to be quite expensive for Google (NASDAQ:GOOG). The search giant on
March 4 said it just paid $47,500 in bug bounties and bonuses to reward researchers
who helped find flaws in the browser’s stable channel update.

That’s a substantial hike from the stable build’s initial
launch
Feb. 8, when Google paid $10,500 to researchers who found 20
flaws of various severity. The company has now paid out $58,000 for security
issues related to Chrome 17, easily the most expensive browser launch from the
company.

The latest
update—17.0.963.65—fixes several issues, including cursors, plug-ins and
backgrounds that fail to load and Websites that break when touch controls are
used. Google also included the latest Adobe Flash player 11.1 build. 

Google also
paid $10,000 apiece for three special bugs. Showing its sense of humor, the
Chrome security team described the flaws as “excessive Webkit
fzzing,” an “awesome variety of fuzz targets,” and
“significant pain inflicted upon” Scalable Vector Graphics (SVG).

The team also
explained why it paid $10,000 at a time when it pays roughly $1,000 for an
average bug detection.

“We have
always reserved the right to arbitrarily reward sustained, extraordinary
contributions,” wrote Jason Kersey of the Chrome Security team,
in a corporate blog post. “In this instance, we’re dropping a surprise
bonus. We reserve the right to do so again and reserve the right to do so on a
more regular basis!”

In addition to
the $30,000 for the three special bugs, Google also paid $17,500 for 14 more
flaws, most of which were of the “use after free” persuasion.

 Google
has paid more than $700,000 to researchers who have detected hundreds of bugs
in its Chrome browser since the company launched the program in January 2010.

That number is
set to more than double at CanSecWest in Vancouver, B.C., where Google will
offer up to $1 million in rewards for Chrome exploits at the Pwn2Own hacking
contest this week.

The payouts
include $60,000 for a full Chrome exploit covering user account persistence
using only bugs in Chrome.

Google is offering $40,000 for partial Chrome exploits
covering
persistence using at least one bug in Chrome itself, and
other bugs, such as a WebKit bug, combined with a Windows sandbox bug. The
company is further paying $20,000 for consolation awards.



Article source: http://www.eweek.com/c/a/Security/Google-Chrome-17-Bug-Hunt-Nets-Researchers-47500-615234/

Tags: , , ,

06 Mar 12 Google Chrome 17 Bug Hunt Nets Researchers $47500


Chrome 17 has proven to be quite expensive for Google
(NASDAQ:GOOG). The search engine giant paid an March 4 said it just paid $47,500 in bug bounties and bonuses to
reward researchers who helped find flaws in the browser’s stable channel
update.

That’s a substantial hike from the stable build’s first past Feb. 8, when Google paid $10,500 to
researchers who found 20 flaws of various severity. The company has now paid
out $58,000 for security issues related to Chrome 17, easily the most expensive
browser launch from the company.

The latest update — 17.0.963.65 — fixes several issues,
including cursors, plugins and backgrounds that fail to load and Websites that
break when touch controls are used. Google also included the latest Adobe Flash
player 11.1 build. 

Google also paid $10,000 apiece for three special bugs.
Showing its sense of humor, the Chrome security team described the flaws as “excessive
Webkit fzzing,” an “awesome variety of fuzz targets,” and
“significant pain inflicted upon” Scalable Vector Graphics (SVG).

The team also explained why it paid $10,000 at a time
when it pays roughly $1,000 for an average bug detection.

“We have always reserved the right to arbitrarily
reward sustained, extraordinary contributions,” wrote Jason Kersey, of the Chrome Security team, in a corporate blog post. “In this instance, we’re
dropping a surprise bonus. We reserve the right to do so again and reserve the
right to do so on a more regular basis!”

In addition to the $30,000 for the 3 special bugs, Google
also paid $17,500 for 14 more flaws, most of which were of the “use after
free” persuasion.

 Google has paid more than $700,000 to researchers who
have detected hundreds of bugs in its Chrome browser since the company launched
the program in January 2010.

That number is set to more than double at
CanSecWest in Vancouver, where Google will offer up to $1 million in rewards for
Chrome exploits at the Pwn2Own hacking contest this week.

The payouts include $60,000 for a full Chrome exploit
covering user account persistence using only bugs in Chrome.

Google is offering $40,000 for partial Chrome exploits covering persistence
using at least one bug in Chrome itself, and other bugs, such as a WebKit bug
combined with a Windows sandbox bug. The company is further paying $20,000 for
consolation awards.

 

 

Article source: http://www.eweek.com/c/a/Security/Google-Chrome-17-Bug-Hunt-Nets-Researchers-47500-615234/

Tags: , , ,