Google has issued an update to its Chrome browser to address six security flaws, three of which it deemed highly severe. In a twist, the search giant awarded an outside security researcher $500 for calling attention to the bugs.
eSecurity Planet has the story on the bugs, and what happened to the award money.
Google is updating its Chrome browser for Windows, fixing six security flaws in the first update of the Chrome 4 stable Windows build since it debuted at the end of January.
The new Chrome 4.0.249.89 release also marks the first time that Google has publicly stated that it has paid a security researcher for finding a flaw in Chrome.
Under Google’s new bug bounty program — the Chromium Security Award, which pays researchers for responsibly reporting security issues to the company — researcher Timothy Morgan of Virtual Security Research reported an HTTP authentication flaw in Chrome, which Google rated as medium in severity.
For his efforts, Google awarded Morgan $500. However, according to Google Chrome Program Manager Anthony Laforge, Morgan donated the Google reward to the Haiti relief effort. Laforge noted in a blog post that Google then upped the donation to $1,337.
The Chrome 4.0.249.89 update also tackles three vulnerabilities that Google has rated as high severity. Laforge described them as integer overflows in the V8 JavaScript engine, an error in processing the ruby tag, and an integer overflow when deserializing a sandbox message.