ITVoice News: Google released the next version of its Chrome browser yesterday. The Chrome 38 brings a host of new features and security patches. Google’s main focus was on security fixes. Google has packed 159 bug fixes in Chrome 38, along with 113 memory fixes in its open-source Memory Sanitizer application. So that makes the total of 272 security and bug fixes in Chrome browser.
There are no reports of any of these 272 security holes being exploited by any hacker or attacker. But security researchers found these bugs and Google fixed them to make your browsing experience much more secure. Google is paying bug bounty of total $75,633.70 for these bug reports to security researchers. Juri Aedla found this bug CVE-2014-3188 which could remotely execute code. Bugs in Inter-Process Communication (IPC) and Google V8 JavaScript engine had an ability to trigger CVE-2014-3188. Juri Aedla got reward of $27,633.70, which is top payout by Google for bug reports in Chrome 38. Aedla grabbed addition reward of $4,500 for information leakage inV8, the bug is named as CVE-2014-3195.
Another anonymous security researcher, known as “cloudfuzzer”, reported memory related flaws. The bugs are named as, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191 and CVE-2014-3192. Cloudfuzzer won total reward of $11,000 by Google.
Google pushes many alpha and beta versions of Chrome browser before releasing the final stable build. Multiple bugs were found and reported during these small releases by Google, Google is yet to payout reward for these reported bugs. Matthew Yuan, a Google Chrome developer has written, “We would also like to thank Atte Kettunen of OUSPG and Collin Payne for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. “$23,000 in additional rewards were issued for these developers and researchers.”
Google has recently announced an increase in the bug bounty, top listed payout for Sandbox escape category bug reports is $15,000 as per the new policy of bug bounty. It’s good to note that, Aedla was paid almost double that what Google has listed as top bug bounty. Google started rewarding security researchers for bug reports in 2010, ever since then, Google has spent over $1.25 million as bug bounty.
