80 ezer dollárnyi jutalmat fizetett ki a Google a Chrome 40-ben kijavított biztonsági hibák bejelentőinek

Google

A Google-nél tovább folyik a 2010-ben elindított, sikeres Chromium Security Award program. A lényege, hogy a vállalat megjutalmazza azokat, akik a Chrome böngészővel, vagy a Chrome OS operációs rendszerrel kapcsolatos biztonsági problémákat jelentenek be.

A Google Chrome csapat a napokban elérhetővé tette a Chrome 40-et Windows, Linux és OS X rendszerekhez a stable csatornában. A Chrome 40.0.2214.91 egyéb fejlesztések mellett egy rakás - pontosabban 62 - biztonsági hibát is orvosol.

A Google a bejelentőknek az alábbi jutalmakat fizette ki:

[$5000][430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.

[$4500][435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.

[$4000][434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer@booktrack.com.

[$4000][422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.

[$3500][444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.

[$3500][435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.

[$3000][442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.

[$3000][442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.

[$2000][443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.

[$2000][429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.

[$2000][427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to Aki Helin of OUSPG.

[$2000][427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.

[$2000][402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.

[$1500][428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.

[$1500][419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.

[$1000][416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.

[$1000][399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.

[$1000][433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.

[$1000][428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.

[$1000][426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.

[$1000][422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.

[$1000][418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

[$1000][414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.

[$1000][414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.

[$500][430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.

[$500][414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.

A felsoroltakon (53 500 dollár) kívül a cég további 35 000 dollárnyi jutalmat fizetett még ki.

A részletek elolvashatók itt.