Google has released a security update for its Chrome browser on Android devices, solving seven medium-risk vulnerabilities and paying out a overall of $3,500 in rewards to two researchers.

The update repairs two medium-rated bugs reported by Artem Chaykin for which he obtained a sum of $1,000 in rewards. The first fixes an issue with data and credential disclosure by file:// URLs and the second resolves a problem with current-tab cross-application scripting (UXSS).

Google pushed these updates on the same day that Jon Oberheide of Duo Security published a blog post showing the findings of their X-Ray projects, which revealed that more than half of Android devices contain vulnerabilities that could be exploited by attackers to take complete control of user’s devices.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.