Google offers bigger bucks in Chrome bug hunt

From CNET News.com: Google's program to pay outsiders who find Chrome security vulnerabilities is working well enough that the company has concluded it's time to add new financial rewards.

"Recently, we've seen a significant drop-off in externally reported Chromium security issues," Chrome programmer Chris Evans said in a blog post yesterday. "This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger."

Thus, Google added a new $1,000 bonus on top of the regular incentive in three circumstances. The bonus applies if a vulnerability is "particularly exploitable" and comes with a demonstration; if it's in an open-source software library used beyond just Chrome; or if the vulnerability is in a stable area of Chrome that Google thought had already been picked clean of bugs.

Google so far has paid more than $1 million for finding Chrome security holes, most notably one $60,000 payment to Sergey Glazunov and another to "PinkiePie."

Also yesterday, Google released Chrome 21.0.1180.79 for Mac, Linux, Windows and Chrome Frame to fix a vulnerability in Adobe Systems' Flash Player, which is built directly into Chrome.
