Google Chrome 29 Update Fixes 25 Flaws, CloudFuzzer Is Big Winner
How much does it cost to patch 25 flaws in an open-source Web browser?

Google is updating the stable version of its Chrome browser to version 29.0.1547.57 across the Windows, Mac and Linux operating system platforms. The new update includes at least 25 security fixes as well as an improved Omnibox search capability and a new browser reset feature.

In any given Google Chrome update, Google credits and rewards multiple researchers for their contributions to Chrome security. With the Chrome 29.0.1547.57 release, Google is crediting only four researchers for the discovery of six flaws. Three of those flaws were discovered by a single researcher, working under the alias "cloudfuzzer." In total, Google awarded $6,174 in reward money to the four researchers, with cloudfuzzer pocketing $3,000 of that total. Google recently revealed that it has paid out over $2 million in bug bounties to security researchers since 2010.

So what did cloudfuzzer find to earn $3,000? cloudfuzzer reported three separate use-after-free errors in Chrome that affect Extensible Stylesheet Language Transformations (XSLT), media elements and document parsing. Use-after-free errors occur when a program keeps using a block of memory after it has been freed; the freed block remains accessible as if it were legitimate memory, giving an attacker an opening to launch an attack. Google is often able to find use-after-free flaws with its own security resources by way of its open-source AddressSanitizer tool.
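To make the use-after-free pattern concrete, here is an added example in C that is not Chrome's code and does not reproduce any of the flaws cloudfuzzer reported. It uses a hypothetical `node_t` type standing in for a parsed document node. The buggy pattern is kept behind a `SHOW_BUG` guard so it is not compiled by default; building with `-DSHOW_BUG -fsanitize=address -g` and calling `uaf_name_length()` produces AddressSanitizer's `heap-use-after-free` report, which is the kind of detection the article credits Google with. The hardened functions clear the caller's pointer on release and reject a NULL node, so a stale reference fails loudly instead of reading freed memory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical node type constructed for this example (not Chrome's). */
typedef struct {
    char name[16];
} node_t;

#ifdef SHOW_BUG
/* Buggy pattern: the node is freed, but the dangling pointer is still
 * dereferenced. Undefined behaviour; under -fsanitize=address this read is
 * reported as heap-use-after-free with both the free and use stack traces. */
size_t uaf_name_length(void) {
    node_t *n = malloc(sizeof *n);
    if (!n) return 0;
    strcpy(n->name, "title");
    free(n);
    return strlen(n->name);   /* use after free */
}
#endif

/* Hardened release: frees the node and clears the caller's slot so any
 * later use goes through the NULL check below rather than freed memory. */
void node_release(node_t **slot) {
    free(*slot);
    *slot = NULL;
}

/* Returns the name length, or -1 if the node was already released. */
int node_name_length(const node_t *n) {
    if (n == NULL) return -1;
    return (int)strlen(n->name);
}

/* Walks through the same allocate / use / free / use sequence as the bug,
 * but with the hardened helpers. Returns 1 when the stale use is rejected. */
int demo_hardened(void) {
    node_t *n = malloc(sizeof *n);
    if (!n) return 0;
    strcpy(n->name, "title");
    int before = node_name_length(n);   /* 5: live node */
    node_release(&n);                   /* frees and nulls n */
    int after = node_name_length(n);    /* -1: stale use refused */
    return before == 5 && after == -1;
}
```

Clearing the pointer only protects the one variable passed to `node_release`; other copies of the pointer remain dangling, which is why projects like Chrome lean on AddressSanitizer-instrumented builds and fuzzing rather than on coding discipline alone.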
Security researcher Krystian Bigaj was awarded $1,337 for reporting an incomplete path sanitization issue, while Alex Chapman was awarded the same amount for an integer overflow issue. Christian Jaeger was awarded $500 for reporting an information leak issue related to overly broad permissions on shared memory files.