Google has already released Chrome 11 onto the interwebs with a host of improvements such as speech input through HTML, among others. But it also made a few people richer by a few thousands of dollars, $16,500 to be precise. Those who won the coveted prize were Chromium development community members who helped Google in patching a number of security risks and flaws and in releasing a stable version of Chrome 11.
Fixing makes it better
In a posting on the Chromium Blog, out of the 27 holes found, three of them are deemed ‘low risk’ six are ‘medium risk’, while the remaining eighteen are dubbed as ‘high risk’. The flaws included in the logs among others were:
Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass.
Medium CVE-2011-1452: URL bar spoof with redirect and manual reload.
High CVE-2011-1441: Bad cast with floating select lists.
High CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Google paid out $500-$1000 depending on the severity of the detected flaw. For more details, head on over to the Chromium blog page or click here to read how Google maintains its Chromium Security Rewards program.