A total of 45 vulnerabilities have been found in Google Chrome with the assistance of ‘bug hunters’. Google is said to have paid the third-party experts at least $21,500 in return for their help. Patching the disclosed vulnerabilities will improve browsing noticeably and make it safer. As a result of the extensive bug research, Chrome 42.0.2311.90 was born.
The improved browser, used by millions worldwide, promises to integrate various enhancements and to encompass the ‘answer to The Ultimate Question of Life, the Universe, and Everything’.
The abstract reference is inspired by the many mathematical properties of the number 42 and its central position in The Hitchhiker’s Guide to the Galaxy.
As for the disclosed vulnerabilities, paying bug bounty hunters has proven to be a very effective method to patch vulnerabilities.
Enterprises are willing to pay thousands of dollars in order to solve security issues. Google, in particular, rewarded $7,500 / €7,000 to an anonymous independent researcher who fixed the flaw CVE-2015-1235, a cross-origin bypass in Chrome’s HTML parser.
Another problem that was fixed concerns the web browser engine Blink, which is part of Google’s Chromium project. The cross-origin bypass vulnerability, dubbed CVE-2015-1236, was disclosed by the software developer Amitay Dobo, who was rewarded $4,000 / €3,750.
Next on the list of highest payouts is Khalil Zhani, an independent researcher from Morocco. He found a use-after-free fault in the inter-process communication and in exchange received $3,000 / €2,800.
Google ready to continue the practice and pay more money to ‘outsiders’
Google representatives say that the total value of rewards is yet to be established, since some reports are still being processed by the company. This means that the sum of $21,500 may be exceeded.