Google pays $3500 for 7 Chrome security bugs
Share:
One of the more popular ways to help speed up bug fixes and make the overall update process easier is to outsource some work, and a great way to do that is to offer rewards to those out there who find bugs. Almost every app update that comes out has unspecified "bug fixes" or "security fixes", and we never really get an explanation of what the specifics are because the info usually isn't all that interesting. We won't lie, you may not be interested in the specific bug fixes in Chrome either, but what is pretty cool is learning about the bounty that Google paid out to those who found the 7 security bugs.
The security bugs fixed are all labeled as "medium" level threats, and that brings a bounty of $500 for whoever finds them. This new Chrome update has 7 security bugs found by two different people, meaning Google ended up paying out $3500 just for the reports that these bugs existed. Artem Chaykin made $1000 for finding a bug on "Information and credential disclosure", and one on "Current-tab cross-application scripting".
But, Takeshi Terada was the big winner, netting $2500 for finding 5 bugs. Three that are a bit jargony: "Information and credential disclosure", "UXSS via Intent extra data", "Bypassing same-origin policy for local files with symlinks", and two that actually make sense to a common reader: "Android APIs exposed to JavaScript", and "Cookie theft by malicious local Android app".
Good job to Artem and Takeshi. And, if you want to take advantage of the new security fixes, you'll need an Android device running ICS or Jelly Bean, and you'll need to jump over to the Google Play Store to get the update.
source: Google Chrome Release Blog
Share:
Oh Canada! Samsung GALAXY Nexus users up north get their Jelly Bean update 
T-Mobile: Yet again the biggest loser with the announcement of the iPhone 
6 Comments
1. XPERIA-KNIGHT posted on 12 Sep 2012, 15:07 6 2
good job for finding them..........now fix them soon as possible google!
2. Quezdagreat posted on 12 Sep 2012, 15:13 0 5
It looks like 80% of android phones won't get this security fix :(
6. BSTManCMc posted on 13 Sep 2012, 16:12 1 1
iOS still as vunerable but you believe the fallacy about secure, and never learn or grow from the person you are now!
