Researchers are credited with finding just under half of the 43 vulnerabilities fixed in Google's new version of its Chrome web browser, earning them thousands of dollars in rewards.
Version 44 of Chrome comes with fixes for a range of vulnerabilities in the browser and its component software. Some are rated as serious, such as a universal cross-site scripting (UXSS) flaw affecting the Android version, and another in the Blink rendering engine that could leak data to attackers.
Another flaw, CVE-2015-1274, discovered by researcher Andrew Meyer, is also rated as high severity: Chrome default settings "allowed executable files to run immediately after download".
While Meyer's reward for finding the flaw in Chrome is yet to be determined, Google paid US$7,500 for each of the UXSS vulnerabilities above as part of its bug bounty program.
Google handed out just under US$40,000 to external researchers, with more potentially to come, as four vulnerabilities are still under evaluation for payouts.
The online giant set up its bug hunting program in 2010, and has rewarded researchers with cash bounties for finding many thousands of flaws in Chrome, Android and other Google products and services.