Google Hands Over £16,000 For Chrome Bug Bounties

Google has coughed up $26,511 (£16,539) to security researchers who uncovered 18 security flaws in Chrome, shattering the previous payout record of $17,000 (£10,600) set in August.

Google also launched its latest Chrome 15 browser to the stable channel.

Bounty Breakdowns

Some $12,174 (£7,594) of that total was paid to Sergey Glazunov for finding five high-risk, cross-origin policy violations. Glazunov also banked $1,500 (£936) for detecting a medium-risk cookie theft with JavaScripts URIs bug, bringing the researcher’s total earnings for Chrome 15 to $13,674 (£8,530).

Security researcher Miaubiz, meanwhile, netted $10,337 (£6,448), including $6,337 (£3,953) for six high-risk stale style bugs leading to use-after-free issues. Miaubiz also earned $2,000 (£1,247) for a heap overflow in Web Audio, and $1,000 (£624) apiece for one high-risk use-after-free in counter handling error and one use-after-free with plug-in and editing bug.

Christian Holler grabbed $2,000 (£1,247) for finding out of bounds writes in the JavaScript V8 engine. Google has paid over $170,000 (£106,000) in bug bounties to date in 2011.

Google also noted that it updated its NSS network library to include a defence against the BEAST (Browser Exploit Against SSL/TLS) attack despite the fact that Chrome was not directly affected by the attack.

BEAST is a hacking tool that attacks browsers and decrypts cookies, which could give attackers access to website log-in credentials. Microsoft pledged to patch Windows so that its Internet Explorer browser isn’t vulnerable to BEAST’s attacks, according to ComputerWorld.

Chrome security team member Karen Grunberg said Google’s NSS update may expose bugs in Brocade hardware, adding that “Brocade is working on the issue.”

Stable Channel

Chrome 15, available for the stable channels of Windows, Mac, Linux and Chrome Frame, offers users more than bug fixes. It also includes an overhauled New Tab page that aims to make it easier for users to access and organise apps in different sections on the web page.

Chrome Web Apps and extensions are housed in a wall of images that’s updated every time a user visits the Webstore, giving the store a fresh feel for repeat visitors. Users need only hover over the apps and extensions images and click “add to Chrome” to install them.

When users click on an app, extension or theme, they will see a panel featuring screenshots, videos and other relevant information in separate tabs. The store also includes a brand new reviews interface that links to the Google+ profile of each reviewer.

These changes are all designed to make Chrome Webstore a place that users of Chromebooks or just Chrome apps want to return to again and again for games, productivity tools and other programs. Google is counting on Chrome apps to drive adoption of notebooks based on its Chrome Operating System.