Google patches nine flaws in Chrome
Google has rolled out a security update to fix nine flaws in its Chrome browser.
The update fixes two critical vulnerabilities, six high-risk weaknesses and one rated medium.
The two critical bugs caused a crash on shutdown and memory corruption, while the high-risk bugs included one that allowed the address bar to be spoofed. Google said it withheld the full details to give the update time to reach users first.
Security researcher Sergey Glazunov once again picked up some cash from Chrome, reporting four bugs. He was paid $1337 each for two bugs and awarded $1000 each for the other two, which caused memory corruption in the browser.
Google recently increased its bug bounty from a maximum of $1,337 to over $3,000.
Google also paid out for a bug in Microsoft’s Windows, according to developer Jason Kersey in a post on the Chromium blog.
“Aside from the listed security bugs fixed in Chromium, we have also deployed a workaround for a critical vulnerability where the root cause lies in an external component,” Kersey said. “Credit and $1337 to Marc Schoenefeld for enabling us to work around another Windows kernel bug.”
This is the third time Google has paid out for a flaw in third-party software, for what it calls “not our fault” bugs.