Google Pays Handsomely for the Latest Round of Chrome Bugs
At Google, there continue to be big cash bounties available for talented hackers. We've reported before on the bug bounty program that Google has been running for several years now, focused on rewarding hackers and security researchers with cash for discovering meaningful bugs in the Chrome browser. The company just participated in the annual Pwnium and Pwn2own events, where hackers and researchers are challenged to uncover bugs in browsers, and Google has already patched a number of significant bugs that were uncovered.
The new security update for Chrome on Windows, the Mac, and Linux patched four flaws flagged as High, but not Critical; three flaws in its rendering engine V8; and updated the internal version of Flash Player.
"We’re delighted at the success of Pwn2Own and the ability to study full exploits," Google's Chrome team reports. "We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future."
Bug bounties--cash prizes offered by open source communities to anyone who finds key software bugs--have been steadily on the rise for several years, and both Mozilla and Google offer them. Google is offering more money than most companies do, though.
Last year, Google made headlines for awarding large cash prizes to security researchers who found bugs in Chrome, and the trend still appears to be up.