February 02, 2010

Offered a reward for Chrome vulnerabilities

New scheme to make the browser more secure.

Open source project, Chromium, Google Chrome is built on, offered last week a reward to external actors who find and tell the project about vulnerabilities in either Chromium or Chrome.

The reward for qualified security flaw is basically $ 500, but Chris Evans, who is tied to Google Chrome Security Group, said in this blog post that the reward be increased to $ 1337 if the panel dealing with the reports says it all especially severe or acute.
Google Chrome

Evans adds that the scheme, which is currently only a kind of experiment, inspired by Mozilla's similar arrangement, which was established several years ago.

This does not mean that external actors to now have not informed Chromium project or Google about vulnerabilities. But Evans hopes that the reward will encourage more individuals to contribute, but it is also meant as a sign that existing donors will be appreciated.

- The more people who are involved in to investigate the Chromium code and behavior, the more secure will our millions of users to be. Some of the most interesting security bugs we've fixed, have been reported to the Chromium project by external researchers, writes Evans.

There is nothing unclear about the security flaw that will be made public before Chromium-developers the opportunity to correct them, is eligible for a reward.

- We encourage the responsible disclosure. Notice that we think responsible disclosure applies in both directions. It is our job to correct serious errors within an acceptable timeframe, writes Evans.

Google did the rest of the first test version of Chrome 5 for Windows and Mac last week. This is possible in the developing  channel. The most important news so far seems to be increased opportunities for users to decide what type of content such as Flash, images and JavaScript, which will be displayed on individual sites.

Free Website Hosting