Google patches seven Chrome holes, pays $10,000

By on
Google patches seven Chrome holes, pays $10,000

Sergey Glazunov cleans up.

Google has fixed seven vulnerabilities in the Chrome web browser and paid $10,000 to researchers who reported them.

The company also patched security holes in an update for Chrome’s Flash player.

Researcher Sergey Glazunov scored $8000 for reporting five Chrome bugs, including $4500 for three use after free bugs in v8 bindings.

Glazunov has dominated Google’s Chromium security hall of fame which pays researchers for reporting security bugs in the Chrome browser.

A lone critical vulnerability (CVE-2011-3873) patched related to a memory corruption bug in Chrome’s shader translator.

  •  [$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
  • [$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
  • [$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
  • [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
  • [$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
  • [$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
  • [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?