Google Pays $25,000 Reward for Critical Chrome Flaw

  • An anonymous researcher picked up a $25,633 bug bounty for discovering a critical vulnerability in Chrome CVE-2016-1629.
  • It is patched in version 48.0.2564. The flaw is a same origin bypass in the web browser engine and Chrome sandbox escape.
  • The amount paid by Google to the researcher is believed to be higher than the amount that Google usually pays (which is less than $10,000).
  • There are ways bounty hunters can earn much more for such flaws. (e.g. upcoming Pwn2Own competition – up to $60K, exploit acquisition firms like Zerodium pay up to $80K).
  • Mozilla also updated Firefox this month to patch a critical same-origin policy violation.

References

Security Week

SC Magazine

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s