Researcher rewarded over $30,000 for nailing three Chrome OS security flaws

[ShyWriter]

.

Researcher rewarded over $30,000 for nailing three Chrome OS security flaws

by Lisa Vaas on April 16, 2013

Google has patched four flaws - three of them high-risk - in its Chrome operating system and has paid out $31,336 to the researcher who spotted three of them.

The flaws are all found in the O3D plug-in: a Google-crafted plugin used to create interactive 3D graphics applications that run in browser windows or in an XML User Interface (XUL) desktop application.

Updates for Chrome 26 will be pushed out over the next few days, according to a blog post written by Google's Ben Henry.

The fixed flaws:

• [227197] Medium CVE-2013-2832: Uninitialized memory left in buffer in O3D plug-in. Credit to Ralf-Philipp Weinmann.
  
• [227181] High CVE-2013-2833: Use-after-free in O3D plug-in. Credit to Ralf-Philipp Weinmann.
  
• [227158] High CVE-2013-2834: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Ralf-Philipp Weinmann.
  
• [196456] High CVE-2013-2835: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Google Chrome Security Team (Chris Evans). (More...)
  

Read the rest of easy money at: http://nakedsecurity.sophos.com/2013/04/16/researcher-30k-three-chrome-os-flaws/

Steve