Google is no stranger to paying security researchers for identifying security flaws, though until now the company has never paid out more than $3,337 per issue to any single security researcher.
With the Chrome stable 17.0.963.65 browser which was released late Sunday, Google has created a new class of security awards that changes the pay scale. For the Chrome 17.0.963.65, Google decided to single out three researchers and their respective contributions with a special award of $10,000 each. Those three researchers combined to discover and report 12 out of 13 High impact flaws fixed in the Chrome 17.0.963.65 update.
The first award is going to a researcher who uses the alias “Miaubiz” for his effort on WebKit fuzz testing. WebKit is the underling rendering engine for Chrome as well as the Apple Safari browser. In Chrome 17.0.963.65, miaubuz was credited with the discovery of eight high impact flaws, for which Google is paying him an additional $9,500 in awards. As such, miaubiz will walk away from the Chrome 17.0.963.65 release with $19,500 from Google for his efforts in reporting security flaws. Five of Miaubiz’s flaws were various use-after-free memory errors affecting multi-column handling, quote handling, class attribute handling, table section handling, and flexbox with floats.
Read the full story at eSecurityPlanet:
Chrome 17 Bug Finders Get Pay Raise
Sean Michael Kerner is a senior editor at InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals. Follow him on Twitter @TechJournalist.