
Google Releases Chrome 6, Pays $4337 In Bounties

Trailrunner7 writes "Google has released a new version of its Chrome browser and has included more than a dozen security fixes in the update. The new version, 6.0.472.53, was released two years to the day after the company pushed out the first version of Chrome. Google Chrome 6 includes patches for 14 total security vulnerabilities, including six high-priority flaws, and the company paid out a total of $4,337 in bug bounties to researchers who reported the vulnerabilities. A number of the flaws that didn't qualify for bug bounties were discovered by members of Google's internal security team." (Read on for more, below.)
Also on the Chrome front, morsch writes "Chrome 7 for Linux is planned to tie in with the Gnome Keyring and the KDE Wallet to securely store saved browser passwords. Users of the stable version of Google's Webkit-based browser might be surprised to find out that, so far, passwords are stored on the hard disk as clear text. On Windows, Chrome has always used a platform-specific crypto API call for encrypted storage. The corresponding Linux function was never implemented — until now. Unstable versions of Chrome 7 still disable the feature by default; it can be enabled using a parameter."
  • by syousef ( 465911 ) on Friday September 03, 2010 @12:03AM (#33461312) Journal

    It's nice that they're paying but if that's $4337/14 = roughly $310 per bug you'll just have to forgive me if I don't quit my day job to focus on debugging Chrome.

  • by bonch ( 38532 ) on Friday September 03, 2010 @12:20AM (#33461422)

    Give me a break. You turn a bug bounty into a statement on American values. Your gameshow references are completely baseless and random. What a load of crap!

  • by Anonymous Coward on Friday September 03, 2010 @12:30AM (#33461484)

    Well obviously they found somebody to do it for that price. So I guess the multi-billion dollar company has it valued just right.

    Welcome to capitalism.

  • by kdub432 ( 1586397 ) on Friday September 03, 2010 @12:51AM (#33461564)
    This is one of the dumbest arguments I've ever seen on slashdot.
  • by iamhassi ( 659463 ) on Friday September 03, 2010 @12:57AM (#33461584) Journal
    "Discover flaws in Google's Chrome... and you get paid. But the entire panel of winners gets less than $5,000 for their trouble... Something's not right in the equity here."

    Well, you could always find flaws in Firefox, Windows, IE, etc and get paid nothing if you like.

    $4,337 > 0

    I say good for Google. What do you want from them, $43,370? $433,700? They're already paying more than anyone else.
  • Re:Version bloat (Score:3, Insightful)

    by maccodemonkey ( 1438585 ) on Friday September 03, 2010 @01:01AM (#33461596)

    I was amazed they've already flown past an older browser (Safari) in version numbers, and they're inching toward IE territory.

    Seriously Google. This sounds like a .1, or even a .0.1 release. Don't be afraid of little bumps. It didn't sound like any new significant features were introduced.

  • Re:Aeet? (Score:2, Insightful)

    by Anynomous Coward ( 841063 ) on Friday September 03, 2010 @04:16AM (#33462288)
    Actually, $4337 is 'Saeet', a phonetic transcription of the middle eastern name 'Saïd'.
  • by Dhalka226 ( 559740 ) on Friday September 03, 2010 @07:30AM (#33463006)

    Give ME a break. I can't believe the "bug bounty hunters" would really sell a Google vulnerability for a thousand dollars

    And yet they did. That must really shake your world view.

    Believe it or not, when normal people discover a vulnerability and their options are "run a botnet" and "tell the manufacturer," most of them tell the manufacturer. Getting $1000 for it is an added bonus, not the incentive to action.

    True, it's not going to create a whole new generation of professional bug bounty hunters living off their bounties, but that was never the intent. If they wanted to hire an army of extra bug hunters they'd put you on the payroll. If you're looking to get rich, do something else. If you're into it for the challenge or to be helpful or you happen to be mucking about with their browser as part of your day job, make a little extra money as Google's way of saying "thank you" for doing the right thing and helping them to make their free product--one you evidently use, if you're finding bugs in it--a better one.

    If that's not good enough for you, well, fine. Don't look for bugs. Don't pass Go, don't collect $1,000. Your time is apparently better spent trying to get yourself a spot on Wheel of Fortune.
