The latest Google Chrome browser update comes with 33 vulnerability patches, including 13 that are high-severity. It’s all thanks to community contributors and bug fighters who submitted fixes for Chrome’s bug bounty program.
Many of the vulnerabilities fixed in this release were part of the browser’s engine Blink, but some of the more high-severity discoveries were for Chrome’s built-in PDF reader, PDFium.
This big rollout of bug fixes follows another busy month, where 48 vulnerabilities were patched in July alone. Some of the bug bounty contributors netted themselves quite a bit of cash too, up to $7,500 per cross-site scripting bug caught.
The beauty of a bug bounty program is that anyone with some programming and security know-how can examine the code of the program in question and find potential security risks.
If the security vulnerability is verified, the researcher is compensated for their work by the company that set the bounty, and we, the consumers, all have a safer experience for it.
Thousands of software companies now offer bug bounties for researchers to find security flaws in their programs, from small firms to large enterprises.
And it’s not just companies that offer such rewards. Recently, the US Department of Defense created its own bug bounty called “Hack the Pentagon,” which rewarded 138 researchers for their discoveries of critical security flaws in national defense infrastructure.
The Chrome update will be rolled out over the next few weeks. Google says that details about the bugs may be kept under wraps until most users have updated.
Source: NakedSecurity