Bug Hunters claim $20K from Google

Three of the bugs were rated high, while the remaining two were medium.
Three of the bugs were rated high, while the remaining two were medium.

Google paid out $20,000 in bug bounty fees to four researchers credited with finding the five flaws, three of which were rated high, that the company patched earlier this week.

Mariusz Mlynski was credited with finding two issues, both with a high rating. The first, CVE-2016-1667, was a same origin bypass in DOM and, CVE-2016-1668, a same origin bypass Blink V8 bindings. Google awarded Mlynksi $8,000 and $7,500, respectively, for each.

Choongwoo Han received $3,000 for CVE-2016-1669, a buffer overflow in V8, also listed with a high rating.

The final two findings, both medium, were CVE-2016-1670 and CVE-2016-1671. The former was credited to an anonymous source is a race condition loader and was worth $1,337 and the latter was handed in by Jann Horn who earned $500 for finding a vulnerability with the directory traversal using the file scheme on Android.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS