Critical Race Condition Flaw Fixed in Chrome 22
Atte Kettunen of OUSPG got $3,133.7 (around 2,500 EUR) for finding it
Google has updated the Stable channel of Chrome to 22.0.1229.92 on all platforms. Although only 5 security holes have been addressed with this release, one of them has been catalogued as being critical.The critical security hole – discovered by Atte Kettunen of OUSPG – was a race condition in audio device handling. For his findings, the researcher was rewarded with a leet prize of $3,133.7 (around 2,500 EUR).
Kettunen was awarded an additional $1,000 (800 EUR) for identifying a high-severity flaw caused by a crash in Skia text rendering.
Arthur Gerkis received $500 (400 EUR) for a medium-severity OOB read in ICU regex bug and Inferno of the Google Chrome Security Team got a pat on the back (or whatever these guys get) for locating an out-of-bounds read in compositor.
Finally, Chris Evans of the Google Chrome Security Team noticed that the plug-in crash monitor was missing for Pepper plug-ins.
Google Chrome is available for download here