Google Chrome 37 released with 50 security fixes. This security updated include critical security fix.
[$30000] Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.
This is one of the top reward for finding security issues with google chrome. The reported of the bug got $30,000 for reporting the bug. Only critical bugs get that much, most other bug repots got $2,000 and less.
So it is time everyone update Google Chrome to latest version. On Ubuntu 14.04, run
sudo apt-get update sudo apt-get upgrade
It is good that Google reward researchers for finding bugs. It is more than just money, so lot of researchers report bugs instead of selling in black market or to malware writers. Most other open source projects won’t play researchers for reporting bugs.
Blog posted with Version 37.0.2062.94 (64-bit) @ Ubuntu 14.04