Big tech companies disagree about whether it’s a good strategy to pay security researchers who provide information that leads to fixes for code vulnerabilities. Fortunately for some skilled researchers, Google is a company that believes in this practice.
Google is updating the stable version of its Chrome Web browser to address at least eleven security issues. As a result, the new Chrome 5.0.375.127 stable channel version is now available for Windows, Mac and Linux users, with fixes that patch a variety of potential security holes.
“These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks,” US-CERT noted in its advisory on the update.
While Google has its own security team, the 5.0.375.127 release evidently benefited from the contributions of multiple third-party security researchers. At the beginning of 2010, Google’s Chromium Security Award initiative was launched as a way to both solicit and reward security researchers for their discoveries.
Google is an advocate of paying security researchers for their discoveries, as is rival browser vendor Mozilla, maker of the Firefox browser. As part of the Chrome 5.0.375.127 release, Google said it shelled out a total of $10,008 in bounties to a handful of researchers for their discoveries.
Read the rest at eSecurity Planet.