Patch/Configuration Management, Vulnerability Management

Bug Hunters claim $20K from Google


Google paid out $20,000 in bug bounty fees to four researchers credited with finding the five flaws, three of which were rated high, that the company patched earlier this week.

Mariusz Mlynski was credited with finding two issues, both with a high rating. The first, CVE-2016-1667, was a same origin bypass in DOM and, CVE-2016-1668, a same origin bypass Blink V8 bindings. Google awarded Mlynksi $8,000 and $7,500, respectively, for each.

Choongwoo Han received $3,000 for CVE-2016-1669, a buffer overflow in V8, also listed with a high rating.

The final two findings, both medium, were CVE-2016-1670 and CVE-2016-1671. The former was credited to an anonymous source is a race condition loader and was worth $1,337 and the latter was handed in by Jann Horn who earned $500 for finding a vulnerability with the directory traversal using the file scheme on Android.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.