Google pays $3500 for 7 Chrome security bugs

One of the more popular ways to help speed up bug fixes and make the overall update process easier is to outsource some work, and a great way to do that is to offer rewards to those out there who find bugs. Almost every app update that comes out has unspecified "bug fixes" or "security fixes", and we never really get an explanation of what the specifics are because the info usually isn't all that interesting. We won't lie, you may not be interested in the specific bug fixes in Chrome either, but what is pretty cool is learning about the bounty that Google paid out to those who found the 7 security bugs. 

The security bugs fixed are all labeled as "medium" level threats, and that brings a bounty of $500 for whoever finds them. This new Chrome update has 7 security bugs found by two different people, meaning Google ended up paying out $3500 just for the reports that these bugs existed. Artem Chaykin made $1000 for finding a bug on "Information and credential disclosure", and one on "Current-tab cross-application scripting". 

But Takeshi Terada was the big winner, netting $2500 for finding 5 bugs: three that are a bit jargony ("Information and credential disclosure", "UXSS via Intent extra data", and "Bypassing same-origin policy for local files with symlinks"), and two that actually make sense to a common reader ("Android APIs exposed to JavaScript" and "Cookie theft by malicious local Android app").

Good job to Artem and Takeshi. And, if you want to take advantage of the new security fixes, you'll need an Android device running ICS or Jelly Bean, and you'll need to jump over to the Google Play Store to get the update. 
