Chrome 22 got published, researchers won $30000 in bug bounties
Chrome v22 has been released, and with it over 40 vulnerabilities – 15 of which high-severity – have been closed.
Google’s reward program for the responsible disclosure of vulnerabilities in the company’s assets is obviously a great success for Google, but also for independent vulnerability hunters such as Sergey Glazunov, who has been one of the graters contributors since the start of the bug bounty program in 2010.
This time he managed to earn himself $15,000 for two high-severity universal cross-site scripting bugs in frame handling ($10,000) and in Chrome’s V8 engine ($5,000).
Researchers Eetu Luodemaa and Joni Vähämäki from independent software vendor Documill have also received a $5,000 reward for a critical Windows kernel memory corruption bug.
If the prizes seem big, it’s because until recently the rewards usually ranged from $500 to $1337, depending on the severity of the bug.
But Google has upped in August the monetary incentive for the bug hunters due to the fact the the majority of “low-hanging” vulnerabilities have already been reported and fixed, and additional bugs hard to find.
Bonuses for very severe, or particularly exploitable bugs, and for bugs outside of Chrome or that impact a wider range of products have been added, allowing researchers to receive these bigger rewards.
For a list of other resolved bugs and credit and prizes awarded for them, check out Google’s Chrome Releases blog post.