The most serious Chrome vulnerability, rated as critical, is a memory corruption flaw in Chrome’s vertex handing – code that adds 3-D shapes and other special effects. Michael Braithwaite of Turbulenz was awarded $1,337 for identifying that flaw.
Nine of the Chrome vulnerabilities are rated as high, including four use-after-free flaws, which are a type of memory management flaw that can expose the browser to attack code injection. Michel Aubizziere (miaubiz) was awarded $2,000 for identifying two of those flaws.
Researcher Sergey Glazunov was awarded $2,500 for finding two flaws rated as high – a cross-origin violation with empty origins and an integer overflow in uniform arrays.
One Chrome flaw is rated as medium, a URL parsing confusion on the command line.
So far this year, Google has paid out over $120,000 in Chrome bug bounties, according to an estimate by ComputerWorld.
No tags.
