Critical Race Condition Flaw Fixed in Chrome 22

Atte Kettunen of OUSPG got $3,133.7 (around 2,500 EUR) for finding it

By on October 9th, 2012 11:07 GMT

Google has updated the Stable channel of Chrome to 22.0.1229.92 on all platforms. Although only 5 security holes have been addressed with this release, one of them has been catalogued as being critical.

The critical security hole – discovered by Atte Kettunen of OUSPG – was a race condition in audio device handling. For his findings, the researcher was rewarded with a leet prize of $3,133.7 (around 2,500 EUR).

Kettunen was awarded an additional $1,000 (800 EUR) for identifying a high-severity flaw caused by a crash in Skia text rendering.

Arthur Gerkis received $500 (400 EUR) for a medium-severity OOB read in ICU regex bug and Inferno of the Google Chrome Security Team got a pat on the back (or whatever these guys get) for locating an out-of-bounds read in compositor.

Finally, Chris Evans of the Google Chrome Security Team noticed that the plug-in crash monitor was missing for Pepper plug-ins.

Google Chrome is available for download here

Comments