One Critical, Four High-Risk Vulnerabilities Fixed in Chrome 28
Andrey Labunets has been rewarded with $21,500 (€16,825)
On the other hand, the largest amount of money has been given to Andrey Labunets. Labunets has identified a high-impact flaw described as “confusion setting up sign-in and sync.”
He has also discovered a medium-severity “incorrect sync of NPAPI extension component.” Google has been impressed by the combination of the two issues, so the company rewarded the researcher with $21,500 (€16,825).
Other high-severity vulnerabilities – a use-after-free in input handling, and a use-after-free in resource loading – have been identified by miaubiz. The expert has been rewarded with a total of $3,000 (€2,347).
The Chrome team’s internal security work has led to the discovery of various issues (CVE-2013-2880) that have been catalogued as being high-risk.
In addition, seven medium- and three low-impact security holes have been addressed in Chrome 28. One of the low-impact issues affects only Macs.
The latest version of Chrome for Windows is available for download here
The latest version of Chrome for Mac is available for download here
The latest version of Chrome for Linux is available for download here
... so hot right now