Google patches seven Chrome holes, pays $10,000

Google has fixed seven vulnerabilities in the Chrome web browser and paid $10,000 to researchers who reported them.

The company also patched security holes in an update for Chrome’s Flash player.

Researcher Sergey Glazunov scored $8000 for reporting five Chrome bugs, including $4500 for three use after free bugs in v8 bindings.

Glazunov has dominated Google’s Chromium security hall of fame which pays researchers for reporting security bugs in the Chrome browser.

A lone critical vulnerability (CVE-2011-3873) patched related to a memory corruption bug in Chrome’s shader translator.

•  [$1000] [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz.
• [$1000] [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz.
• [$2000] [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov.
• [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno).
• [$4500] [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov.
• [$1500] [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov.
• [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo of the Chromium development community.