Google Patches 10 Chrome Bugs, Pays Out $10K

CWmike writes "Google patched 10 vulnerabilities in Chrome on Thursday, but it didn't award any of the researchers who reported bugs its new top-dollar reward. Google divulged no details of the vulnerabilities and, as is its custom, it blocked public access to its bug-tracking database — a practice meant to keep attackers from using the information before most users have upgraded. Some rivals, such as Mozilla, do the same; others, like Microsoft, do not. Sergey Glazunov banked $4,674 for reporting four bugs, including the previous maximum $1,337 each for two of the quartet. A researcher known as 'kuzzcc,' who has also reported flaws in Opera to that browser's Norwegian maker, took home $2,000 for uncovering a pair of Chrome vulnerabilities. But no one received Google's new biggest bounty, which the company set at $3,133.70 last month, after Mozilla had increased its maximum vulnerability payment to $3,000."

Re:a couple grand?

[Alphanos]

It has to be a careful balance to set bounties like this at the right amount. The information and fixes are valuable, yes. However, If they set the payout too high, it could actually encourage their employees to write buggy software in the hopes of cashing in (i.e. through a friend or family member).

Re:a couple grand?

[Darkness404]

Yeah, but Google is reputable, you -know- that their $3K is going to be genuine. Good luck suing J. Random Blackhat when the money he pays you turns out to be stolen/fraudulent or never arrives.