Google Fixes Three High-Risk Flaws in Chrome OS

Google has fixed a series of serious vulnerabilities in its Chrome OS, including three high-risk bugs that could be used for code execution on vulnerable machines. As part of its reward program, Google paid out more than $30,000 to a researcher who found three of the vulnerabilities.

All of the vulnerabilities that Google fixed in Chrome OS are in the O3D plugin, an API that enables developers to create 3D applications for the Web. Three of the vulnerabilities are high-risk and the other flaw is rated a medium severity bug.

Here are the vulnerabilities that Google fixed in Chrome OS 26:

[227197] Medium CVE-2013-2832: Uninitialized memory left in buffer in O3D plug-in.Credit to Ralf-Philipp Weinmann.

[227181] High CVE-2013-2833: Use-after-free in O3D plug-in. Credit to Ralf-Philipp Weinmann.

[227158] High CVE-2013-2834: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Ralf-Philipp Weinmann.

[196456] High CVE-2013-2835: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Google Chrome Security Team (Chris Evans).

Ralf-Philipp Weinmann, the researcher who discovered three of the flaws, received $31,336 in bug bounties for his work. That's at the highest end of the rewards that Google pays out in its Chromium reward program. Most of the rewards are in the $1,000-$3,000 range, with some going above that, depending upon the severity of the vulnerability and difficulty of exploitation.

"We’re pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe," Ben Henry of the Chrome team said in a blog post.

(Taken from Threat Post)