Google pays $3500 for 7 Chrome security bugs

Google pays $3500 for 7 Chrome security bugs
One of the more popular ways to help speed up bug fixes and make the overall update process easier is to outsource some work, and a great way to do that is to offer rewards to those out there who find bugs. Almost every app update that comes out has unspecified "bug fixes" or "security fixes", and we never really get an explanation of what the specifics are because the info usually isn't all that interesting. We won't lie, you may not be interested in the specific bug fixes in Chrome either, but what is pretty cool is learning about the bounty that Google paid out to those who found the 7 security bugs. 

The security bugs fixed are all labeled as "medium" level threats, and that brings a bounty of $500 for whoever finds them. This new Chrome update has 7 security bugs found by two different people, meaning Google ended up paying out $3500 just for the reports that these bugs existed. Artem Chaykin made $1000 for finding a bug on "Information and credential disclosure", and one on "Current-tab cross-application scripting". 

But, Takeshi Terada was the big winner, netting $2500 for finding 5 bugs. Three that are a bit jargony: "Information and credential disclosure", "UXSS via Intent extra data", "Bypassing same-origin policy for local files with symlinks", and two that actually make sense to a common reader: "Android APIs exposed to JavaScript", and "Cookie theft by malicious local Android app". 

Good job to Artem and Takeshi. And, if you want to take advantage of the new security fixes, you'll need an Android device running ICS or Jelly Bean, and you'll need to jump over to the Google Play Store to get the update. 

FEATURED VIDEO

6 Comments

1. XPERIA-KNIGHT unregistered

good job for finding them..........now fix them soon as possible google!

2. Quezdagreat

Posts: 428; Member since: Apr 05, 2012

It looks like 80% of android phones won't get this security fix :(

3. networkdood

Posts: 6330; Member since: Mar 31, 2010

strikercho

4. soshi

Posts: 154; Member since: Mar 08, 2012

updating now :D

5. JoeBelfiore

Posts: 79; Member since: Sep 03, 2012

Android... always unsecure

6. BSTManCMc

Posts: 16; Member since: Jul 28, 2012

iOS still as vunerable but you believe the fallacy about secure, and never learn or grow from the person you are now!

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.