External researchers have been rewarded with a total of $27,000 (€20,000)
Google has released Chrome 30, and a total of 50 security issues have been fixed in this latest version.The list of vulnerabilities reported by external researchers includes ten high-impact and six medium-impact flaws.
The high-impact issues refer to use-after-free vulnerabilities in inline-block rendering, in PPAPI, in XML document parsing, in DOM, in resource loader, in the Windows color chooser dialog, and in template element. A memory corruption in V8 and an address bar spoofing bug related to the “204 No Content” status code also fall into this category.
The medium-impact vulnerabilities include a use-after-free in Web Audio, an out of bounds read in the same component, and an out of bounds read in URL parsing.
The security researchers credited for finding vulnerabilities are Atte Kettunen of OUSPG, Boris Zbarsky, Chamal de Silva, Byoungyoung Lee, and Tielei Wang of Georgia Tech, cloudfuzzer, Khalil Zhani, Wander Groeneveld, Masato Kinugawa, Adam Haile of Concrete Data, and Jon Butler.
They’ve been rewarded with a total of $19,000 (€14,000) for their work.
Atte Kettunen, cloudfuzzer, and miaubiz have been awarded an additional $8,000 (€5,900) for working with Google on addressing security issues during the development cycle.
Download Google Chrome