Google has promoted Chrome 46 to the stable channel for Windows, Mac and Linux – the update includes 24 security fixes, some of which are for high severity vulnerabilities.
Bugs discovered by external researchers were highlighted in a Tuesday post. The Chrome team paid out $8,837 to Mariusz Mlynski for identifying a critical cross-origin bypass in Blink, and an unnamed researcher was rewarded $6,337 for discovering a critical use-after-free in PDFium.
Other high severity vulnerabilities included a use-after-free in ServiceWorker identified by Collin Payne, who earned $3,500, and a bad-cast in PDFium discovered by Atte Kettunen of OUSPG, who earned $3,000.
The remaining vulnerabilities – an information leakage in LocalStorage, an improper error handling in libANGLE, a memory corruption in FFMpeg, and a CORS bypass via CSS fonts – were deemed low to medium in severity and were each worth $500 and $1,000.