Google has fixed seven vulnerabilities in the Chrome web browser and paid $10,000 to researchers who reported them.
The company also patched security holes in an update for Chrome’s Flash player.
Researcher Sergey Glazunov scored $8000 for reporting five Chrome bugs, including $4500 for three use after free bugs in v8 bindings.
Glazunov has dominated Google’s Chromium security hall of fame which pays researchers for reporting security bugs in the Chrome browser.
A lone critical vulnerability (CVE-2011-3873) patched related to a memory corruption bug in Chrome’s shader translator.
- [$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
- [$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
- [$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
- [$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
- [$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
- [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
