Google released Chrome 38 for Windows, Linux and Mac, which patches 159 security vulnerabilities.
In late September, Google said it was going to start paying more money to researchers who contribute to making Chrome more secure. More precisely, it promised between $500 and $15,000 per bug. The company rewarded researchers who reported Chrome vulnerabilities with a total of $75,000.
According to the company, of the 159 flaws fixed in Chrome 38, 113 are relatively minor bugs found with the aid of MemorySanitizer, a tool designed to detect uninitialized memory reads in C/C++ programs.
The largest reward went out to Jüri Aedla, who identified a combination of V8 and IPC bugs that can lead to remote code execution outside the sandbox (CVE-2014-3188). Aedla earned $27,633.70 for finding this critical issue which affects Chrome and Chrome OS. The researcher also got $4,500 for an information leak in V8 (CVE-2014-3195).
According to Google’s new payment scheme, the maximum reward for a well-documented sandbox escape is $15,000. However, the company pays much more for great reports.
A researcher using the online moniker “cloudfuzzer” earned $11,000 for identifying four high-severity vulnerabilities. The researcher uncovered three use-after-free issues in Events, Rendering and DOM, and an out-of-bounds read in PDFium.
James Forshaw earned $3,000 for a permission bypass in the Windows sandbox. Miaubiz and Takeshi Terada each received $1,500 for a high-severity type confusion in session management, respectively a medium-severity information leak in XSS Auditor.
Atte Kettunen of OUSPG and Collin Payne got $1,500 and $2,000 for finding vulnerabilities. However, Google gave them an additional $23,000 for working with the company during the development cycle to ensure security flaws don’t make their way to the stable channel.
Chrome for iOS also ended up updated. In addition to better support for iPhone 6, the latest release also includes a fix for a low-severity issue with FaceTime and FaceTime-audio URL schemes identified by Matias Brutti.