CNET también está disponible en español.

Ir a español

Don't show this again

Google pays first top-end bounty for Chrome vulnerability

A critical Chrome vulnerability dealing with speech handling yields a $3,133.70 payment and a new stable version of the browser.

Google Chrome logo
Google

If there's a competition to uncover security holes in Google's browser, Sergey Glazunov is winning it.

Yesterday Google awarded him $3,133.70 ("eleet") for finding a critical vulnerability that Google patched with a new release of Chrome yesterday.

It's the first time Google paid out this top bounty, but not the first time it's paid Glazunov. He's also been paid $1,337 four times for the "leet" level of vulnerabilities, eleven times for the $1,000-level, and once at the $500 level.

The critical vulnerability relates to a "stale pointer in speech handling," Google said, but hasn't published further details. Critical vulnerabilities let an attacker run arbitrary software on a person's computer just by visiting a Web site.

Google issues Chrome updates automatically, so restarting the browser installs the new version.

Close
Drag
Autoplay: ON Autoplay: OFF