What would you do with $1.25 million? Buy a house, fund your kids’ college educations, or take that dream vacation…sure you would. Most of us would settle for just a slice of that million-dollar pie, and several security researchers have gotten just that through bug bounties.
Version 38 of Google’s Chrome browser has been released. The update includes a total of 272 fixes: 159 security fixes and 113 fixes categorized as “relatively minor” that were found using MemorySanitizer.
On the surface, 272 sounds like a ton of vulnerabilities. However, hackers have not exploited these loopholes; they were caught before any damage was done. In fact, Google has awarded over $75,000 in bounties for the discovery of the flaws found in Chrome version 38.
Google has paid out $1.25 million to date to security bug bounty hunters who have discovered and reported security flaws through its Security Reward Programs:
The Chrome Reward Program was launched in January 2010 to help reward the contributions of security researchers who invest their time and effort in helping Google make Chrome and Chrome OS more secure. Through this program, monetary awards and public recognition are given for vulnerabilities deemed “responsibly disclosed” to the Chrome project. Rewards for qualifying bugs typically range from $500 to $15,000. Reward amounts for the Vulnerability and Patch Rewards programs, launched in November 2010 and October 2013 respectively, differ slightly.
How can you get a slice of the million-dollar pie? Google invites interested parties to report security bugs through a secure form. Before submitting a flaw, however, one should review Google’s Security Reward Program documentation, FAQs, etc.