This article is more than 1 year old

Google pays $65k to shutter 23 Chrome bugs

Lone researcher cleans up $30k

Google has patched 42 vulnerabilities including 23 contributed by external researchers earning them US$65,000 (£54,030, A$83,732) in rewards.

The patches reported by external researchers cover nine high-, 10 medium- and four low- severity holes.

Half of the payouts went to prolific Polish pwner Mariusz Mlynski who scored US$30,000 (£27,015, A$41,866) for reporting four cross-origin bypasses in Chrome.

Researchers Rob Wu and Guang Gong picked up the two remaining top payments in the patch run landing US$7500 and US$4000 each for another cross-orgin bypass and a type confusion hole.

Wu collected additional bounties for medium- and low- severity holes pulling an extra $US4500.

  • [$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
  • [$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
  • [$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
  • [$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
  • [$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.
  • [$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  • [$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
  • [$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
  • [$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.
  • [$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
  • [$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
  • [$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
  • [$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
  • [$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  • [$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  • [$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
  • [$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  • [$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
  • [$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
  • [$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
  • [$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan.

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," Google Chrome test engineer Krishna Govind says.

"Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer." ®

More about

TIP US OFF

Send us news


Other stories you might like