Google has fixed a series of serious vulnerabilities in its Chrome OS, including three high-risk bugs that could be used for code execution on vulnerable machines. As part of its reward program, Google paid out more than $30,000 to a researcher who found three of the vulnerabilities.
All of the vulnerabilities that Google fixed in Chrome OS are in the O3D plugin, an API that enables developers to create 3D applications for the Web. Three of the vulnerabilities are high-risk and the other flaw is rated a medium severity bug.
Here are the vulnerabilities that Google fixed in Chrome OS 26:
Ralf-Philipp Weinmann, the researcher who discovered three of the flaws, received $31,336 in bug bounties for his work. Thatโs at the highest end of the rewards that Google pays out in its Chromium reward program. Most of the rewards are in the $1,000-$3,000 range, with some going above that, depending upon the severity of the vulnerability and difficulty of exploitation.
โWeโre pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe,โ Ben Henry of the Chrome team said in a blog post.
googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29
code.google.com/p/chromium/issues/detail?id=196456
code.google.com/p/chromium/issues/detail?id=227158
code.google.com/p/chromium/issues/detail?id=227181
code.google.com/p/chromium/issues/detail?id=227197
code.google.com/p/o3d/