Google plugs 17 high-risk holes in Chrome, pays record bug bounty

Google gave $10,000 to each of three researchers as a “surprise bonus” for “sustained, extraordinary contributions” to fixing Chrome bugs
The three researchers are Michel Aubizzierre (aka miaubiz), Aki Helin, and Arthur Gerkis.

“We have always reserved the right to arbitrarily reward sustained, extraordinary contributions. In this instance, we’re dropping a surprise bonus. We reserve the right to do so again and reserve the right to do so on a more regular basis! Chrome has a leading reputation for security and it wouldn’t be possible without the aggressive bug hunting of the wider community,” Jason Kersey with Chrome explained in a blog post.

Google fixed 10 "use-after-free" memory management vulnerabilities, as well as a buffer overflow in the Skia drawing library, a bad cast in line box handling, and an out-of-bounds read in text handling.

The Chrome update also addressed a number of non-security bugs, including cursors and backgrounds that sometimes do not load, plugins not loading on some pages, pasted text including trailing spaces, and websites that use touch controls breaking.

Google has also announced plans to offer up to $1 million at CanSecWest, a security conference that takes place this week, for anyone who can crack Chrome.
