Google Splashes $80,000+ on Chrome Bug Rewards

Google has doled out over $80,000 in rewards to security researchers who exposed flaws in its Chrome browser.

In a blog post last week to announce the promotion of Chrome 40 to the stable channel for Windows, Mac and Linux, Google explained that the latest version of the flagship software has 62 security fixes.

This includes 17 high-severity flaws and nine medium-severity flaws found by external researchers.

The majority are memory corruption, use-after-free and out-of-bounds read vulnerabilities in various parts of Chrome.

Special thanks were also given to Atte Kettunen of OUSPG, Christian Holler, ‘cloudfuzzer’ and Khalil Zhani, all of whom apparently worked with Google during the Chrome development process to nip any buggy code in the bud before it reached the stable channel.

Google tripled the maximum reward on offer via its bug bounty program from $5000 to $15,000 last September.

The web giant claimed to have handed out more than $1.25m in rewards since the start of the program, with third-party researchers having helped identify over 700 Chrome security bugs.

The highest reward this time around went to ‘yangdingning’, who was given $5000 for identifying a high-severity ‘memory corruption in ICU’ problem.

Google’s approach to secure coding hasn’t gone down well with everyone, however.

It was heavily criticized by Microsoft for irresponsibly going public with a flaw in Windows it discovered, just two days before it was due to be fixed in Patch Tuesday.

Last week the spat continued, after Microsoft told Google that several new flaws in its products highlighted by the Project Zero research team were not serious enough to be patched.

The Google security initiative has a strict 90-day disclosure policy, whereby the vendor in question has three months to patch before the firm goes public with the details.

Although the rule is intended to force said vendors to speed up their internal security processes, it has been criticized in some quarters. 
