Google Chrome 26, the latest version of the company’s browser, is out and it contains a number of security patches, most notably a fix for a high-priority use-after-free vulnerability in the Web Audio component of the browser.
That vulnerability, discovered and reported by Atte Kettunen, is the only one in Chrome 26 for which Google paid a bug bounty as part of its reward program. All of the other vulnerabilities were discovered by members of the company’s own security team or the bugs just didn’t qualify for a reward. This continues a somewhat recent trend of the number of vulnerabilities qualifying for rewards from Google declining as it becomes more and more difficult to find serious bugs in the browser.
Google has raised the amount of money paid for serious vulnerabilities in order to attract more submissions from security researchers, but the improved defenses in Chrome have made life more difficult for would-be submitters.
Here is the full list of vulnerabilities patched by Google in Chrome 26:
googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29
xysec.com/
code.google.com/p/chromium/issues/detail?id=112325
code.google.com/p/chromium/issues/detail?id=168442
code.google.com/p/chromium/issues/detail?id=169632
code.google.com/p/chromium/issues/detail?id=169765
code.google.com/p/chromium/issues/detail?id=169972
code.google.com/p/chromium/issues/detail?id=169981
code.google.com/p/chromium/issues/detail?id=172342
code.google.com/p/chromium/issues/detail?id=174129
code.google.com/p/chromium/issues/detail?id=174943
code.google.com/p/chromium/issues/detail?id=177410
code.google.com/p/chromium/issues/detail?id=178760
code.google.com/p/chromium/issues/detail?id=180555
code.google.com/p/chromium/issues/detail?id=180909
threatpost.com/google-fixes-11-flaws-chrome-032613/
threatpost.com/google-sweetens-bug-bounty-pot-081512/