Chrome update costs Google almost $14,500
Google's security update 8.0.552.237 for Chrome closes a total of 16 security holes. One of the vulnerabilities in the browser's speech handling has been rated critical by the developers, as it allows code to be executed outside of the protective sandbox. Developer Sergey Glazunov, who discovered the hole, was awarded $3,133.7 for his find. This is the first time that Google has paid such a high sum since the security reward programme was extended and the reward premiums were increased.
Glazunov has done well really well, also receiving $1,000 for each of three other holes, and $1,337 for another issue. Altogether the developer received $7,470.7 for the five vulnerabilities he discovered. Other developers were rewarded for eight further vulnerabilities, and Google paid out a total of nearly $14,500 in reward premiums as part of its Chromium Security Reward programme.
Google also updated its Chrome OS to version 8.0.552.334, integrating the security fixes noted above. Although only few attacks on Chrome have been observed in the past few years, all users are advised to upgrade to the latest release.
More details about the Stable channel security updates can be found in a post on the Google Chrome Releases Blog. Chrome 8.0.552.237 is available to download for Windows, Mac OS X and Linux from google.com/chrome. Users who currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.
- Google releases Chrome 8.0 stable, a report from The H.