Google pays $14,000 for high-risk Chrome security holes

Google has shelled out more than $14,000 in rewards for critical and high-risk vulnerabilities affecting its flagship Chrome web browser.

The latest Google Chrome 8.0.552.237, available for all platforms, patches a total of 16 documented vulnerabilties, including one critical bug for which Google paid the first elite $3133.7 award to researcher Sergey Glazunov.

“Critical bugs are harder to come by in Chrome, but Sergey has done it,” says Google’s Jerome Kersey. “Sergey also collects a $1337 reward and several other rewards at the same time, so congratulations Sergey!,” he added.

Here are the details on the latest Chrome patch batch.

• [58053] Medium Risk: Browser crash in extensions notification handling. Credit to Eric Roman of the Chromium development community.
• [$1337] [65764] High Risk: Bad pointer handling in node iteration. Credit to Sergey Glazunov.
• [66334] High Crashes when printing multi-page PDFs. Credit to Google Chrome Security Team (Chris Evans).
• [$1000] [66560] High Risk: Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
• [$500] [66748] High Risk: Stale pointer with CSS + cursors. Credit to Jan ToÅ¡ovský.
• [67100] High Risk: Use after free in PDF page handling. Credit to Google Chrome Security Team (Chris Evans).
• [$1000] [67208] High Risk: Stack corruption after PDF out-of-memory condition. Credit to Jared Allar of CERT.
• [$1000] [67303] High Bad memory access with mismatched video frame sizes. Credit to Aki Helin of OUSPG; plus independent discovery by Google Chrome Security Team (SkyLined) and David Warren of CERT.
• [$500] [67363] High Risk: Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz.
• [$1000] [67393] Medium Risk: Uninitialized pointer in the browser triggered by rogue extension. Credit to kuzzcc.
• [$1000] [68115] High Risk: Vorbis decoder buffer overflows. Credit to David Warren of CERT.
• [$1000] [68170] High Risk: Buffer overflow in PDF shading. Credit to Aki Helin of OUSPG.
• [$1000] [68178] High Risk: Bad cast in anchor handling. Credit to Sergey Glazunov.
• [$1000] [68181] High Risk: Bad cast in video handling. Credit to Sergey Glazunov.
• [$1000] [68439] High Risk: Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined).
• [$3133.7] [68666] Critical: Stale pointer in speech handling. Credit to Sergey Glazunov.

Google is withholding technical details on the vulnerabilities until the patches are released to its users.  Google ships updates via the browser’s silent/automatic update mechanism.