14 DAY TRIAL // Google has pushed Chrome 6.0.472.59 to the Stable and Beta channels for Windows, Mac, Linux and Google Frame, addressing multiple high risk vulnerabilities in the open source browser.
One of the patched bugs is marked as critical, but only affects Chrome on the Mac platform. It was discovered by Sergey Glazunov, a regular Chrome bug hunter and one "remy.saissy," each of them receiving $500 rewards for the find.
A single vulnerability was rewarded with $1,000 – a use-after-free condition in SVG styles credited to a browser security researcher and another regular Chrome bug hunter calling himself kuzzcc.
In fact kuzzcc is also credited with the discovery of three other high flaws and one low risk one. They involve a use-after-free with nested SVG elements, a race condition in console handling, a memory corruption in Geolocation and an unlikely browser crash in pop-up blocking (low).
He received $500 for each of the high risk bugs, bringing his total reward for flaws addressed in this Chrome release to $2,500.
Another high use-after-free issue triggered when using document APIs during parse was identified by David Weston of Microsoft Vulnerability Research and an independent researcher from team 509 named wushi.
There are also two Linux-only vulnerabilities, a high risk and a low risk one. The high risk bug was discovered by Chris Evans of Google Chrome's own security team and involves memory corruption during Khmer handling.
The low risk one is described as a possible browser assert in cursor handling and has been credited to "magnusmorton". The final flaw, also rated with a low impact was discovered by "adriennefelt" and refers to a failure to prompt for extension history access.
Google's Chromium Security Reward program theoretically pays $500 for any security bug deemed clever enough by the review committee. However, the company also awards $1,000, $1,337 (leet), $2,000 and $3,133.7 (eleet) prizes in certain cases.