Google on Wednesday updated the Chrome browser for the third time since the start of May.
Chrome 51.0.2704.79 for Windows, Mac, and Linux patched 15 vulnerabilities. It also paid out $14,000 in bounties to prolific bug hunters Mariusz Mlynski ($7,500) and Rob Wu ($6,500).
The previous Chrome update on May 27 addressed 42 flaws with Mlynski cashing in to the tune of $30,000 after earning $15,500 in an update pushed out at the start of May.
Yesterday’s update patched two high-severity vulnerabilities, including a cross-origin bypass in the Blink web browser engine worth $7,500 to Mlynski. An anonymous researcher also pocketed $7,500 for a cross-origin bypass in Extension bindings.
Researcher Rob Wu, a student at TU/e in the Netherlands, earned $6,500 in bounties for three medium-severity bounties, including an information leak bug in Extension bindings worth $4,000.
The bugs that earned bounties are as follows:
[$7500][601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous.
[$7500][613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$4000][603725] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
[$3500][607939] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal.
[$1500][608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
[$1000][608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
[$1000][609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.
