Google gives away $10K in Bounty for finding Chrome Bugs

Web browser manufacturers are taking the cue from Google and offshoring the tedious task of finding critical bugs and vulnerabilities to the users and enthusiasts. This simple yet effective method is called crowdsourcing. To make things hotter, they have included a reward system according to which, the user finding the bug is awarded a handsome sum of money.

Recently, Mozilla Firefox raised the bounty amount to $3000 and Google had to get the better of Mozilla. Therefore, it increased the maximum bounty for Chrome vulnerabilities to $3133.70 last month.

Ten bugs were fixed. However, none of the bug fixes received the top bounty from Google, which amounts at $3133.70. Google only gave away a total valuation of $10K of rewards.

The security update was released for Chrome 5.0.375.125. While one of the bugs allowed revealing passwords or spoofing the address bar content, another bug allowed hacks through malicious files.

As Gregg Keizer at Computerworld says,

Sergey Glazunov banked $4,674 for reporting four bugs, including the previous maximum $1,337 each for two of the quartet. A researcher known as “kuzzcc,” who has also reported flaws in Opera to that  browser‘s Norwegian maker, took home $2,000 for uncovering a pair of Chrome vulnerabilities.

This is a record update from Google, as it has never given away such a huge amount in overall bounties at the same time. Get Google Chrome version 5.0.375.125 and other versions from here.


Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.