- An anonymous researcher picked up a $25,633 bug bounty for discovering a critical vulnerability in Chrome CVE-2016-1629.
- It is patched in version 48.0.2564. The flaw is a same origin bypass in the web browser engine and Chrome sandbox escape.
- The amount paid by Google to the researcher is believed to be higher than the amount that Google usually pays (which is less than $10,000).
- There are ways bounty hunters can earn much more for such flaws. (e.g. upcoming Pwn2Own competition – up to $60K, exploit acquisition firms like Zerodium pay up to $80K).
- Mozilla also updated Firefox this month to patch a critical same-origin policy violation.