Google Announces First Elite Reward to Security Researcher for Discovering Vulnerability

In yet another security release, Google fixed vulnerabilities in Chrome discovered by various IT security researchers. Google has updated Chrome and Chrome Operating System. The latest security patch addresses 16 vulnerabilities including 1 critical bug, 13 high risk vulnerabilities and 2 medium risk vulnerabilities. Over the last six months, Google has rewarded many security professionals for identifying vulnerabilities under the Chrome Security Reward Program. Google has now raised the maximum prize money to $3,133.7. Sergey Glazunov is the first IT security professional to receive the above referred elite reward for discovering critical stale pointer vulnerability in Chrome’s speech handling. The vulnerability may cause an attacker to execute arbitrary software on a victim’s browser. Glazunov also discovered stale pointer bug with CSS + canvas, bad cast bug in anchor handling and video handling, bad pointer handling bug in node iteration. The researcher received total prize money of $7,470.7 for identifying the five vulnerabilities. Google has been constantly releasing new versions of chrome to reduce vulnerabilities and to create a stable platform

Usually, developers use ethical hacker certified security professionals to identify vulnerabilities. In this case, security researchers affiliated to various organizations revealed security flaws associated with Google Chrome. The latest patch also fixes flaws associated with PDF page handling, extensions notification handling, printing multi-page PDFs and SVG use element among others.

Google’s reward program encourages IT security professionals to discover security holes, so as to facilitate timely corrective action and ensure safe browsing for Internet users. Many other developers have initiated a similar reward program to encourage researchers. Attackers constantly explore the cyberspace to identify and exploit flaws. Businesses incur considerable financial losses due to cybercrime and attacks. Professionals holding security certifications facilitate organizations to streamline their IT security apparatus to ensure data protection, integrity and confidentiality. At the same time, most of the attacks require user intervention. Lack of awareness among employees on the severe threats prevalent in the IT environment and modus operandi of offender is one of the major contributing factors for growing number of data breaches. Workshops and online computer training programs may facilitate employees to understand the prevalent threats and encourage them to adopt safe computing practices.