Earlier this month, Google made a record payout of $31,336 to a security researcher. As part of the subsequent update, to version 26.0.1410.57, Google closed four security holes in Chrome OS fixing three vulnerabilities rated with a severity of High and one rated Medium. Two of the High-rated holes and the Medium-rated problem were discovered by Ralf-Philipp Weinmann who earned the record payout under the Chromium Vulnerability Rewards Program. Google did not reveal why this payment wasn't one dollar more to fit in with their previous leet-speak themed rewards.



The vulnerabilities discovered by Weinmann affect the operating system's O3D plugin and encompass a problem with uninitialised memory left in a buffer, a use-after-free exploit and a bypass of the origin lock of the O3D and Google Talk plugins. The O3D plugin is used as an API that enables developers to create 3D applications to be deployed as web applications.

Weinmann appears to have been able to chain these flaws together to produce a demonstrable exploit of Chrome OS, which earned the large reward. He accompanied the report of the vulnerabilities with demonstration exploit code and a "very detailed write-up", according to Google. The third High-rated vulnerability was another origin lock bypass in O3D and Google Talk, which was discovered by a member of the Google Chrome Security Team.

(fab)