Google plugged 16 security holes in the latest release of Chrome, including one that netted the top prize in Google’s bug rewards program.
Of the 16, 13 were classified as “high” security threats, while two others were labeled as “medium.” The remaining bug was classified as “critical”, Google’s highest rating.
It was the critical bug, whose discovery was credited to researcher Sergey Glazunov, that garnered a record prize of $3,133.70. Described as a “stale pointer in speech handling”, further details of the vulnerability are currently locked away in Google’s bug tracking database.
“We’re delighted to offer our first ‘elite’ $3133.7 Chromium Security Reward to Sergey Glazunov,” Google Chrome team member Jason Kersey blogged.
Kersey noted that Glazunov also received rewards for other bugs patched in the latest update as well.
Among the other bugs discovered by Glazunov and other researchers are a buffer overflow in PDF shading, stack corruption after PDF out-of-memory condition and bad pointer handling in node iteration.