Home / Vulnerability / Security researcher rewarded $21,500 and others for Chrome bug

Security researcher rewarded $21,500 and others for Chrome bug

The American Corporation, Google,  just released an update of its browser, Chrome 28 for Windows, Mac and Chrome Frame. The automatic update includes security fixes.

Softpedia reports, the update is important for it includes a large number of vulnerabilities been addressed.

Here are rewards and credits to security researchers.

  • [$21,500] A special reward for Andrey Labunets for his combination of CVE-2013-2879 and CVE-2013-2868 along with some (since fixed) server-side bugs.
  • [$6267.4] [244746] [242762] Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne.
  • [$3133.7] [244260] Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA
  • [$2000] [243991] [243818] High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz.
  • [Mac only] [242702] Low CVE-2013-2872: Possible lack of entropy in renderers. Credit to Eric Rescorla.
  • [$1000] [241139] High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz.
  • [Windows + NVIDIA only] [$500] [237611] Medium CVE-2013-2874: Screen data leak with GL textures. Credit to “danguafer”
  • [$500] [233848] Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz.

You may want to read the full article, Chrome Release: Stable Channel Update.


About Clifford Trigo

Hi there! I am Clifford Trigo from the island of Bohol, come over here and lets have fun! :3 Just keep reading :D