If there's a competition to uncover security holes in Google's browser, Sergey Glazunov is winning it.
Yesterday Google awarded him $3,133.70 ("eleet") for finding a critical vulnerability that Google patched with a new release of Chrome yesterday.
It's the first time Google paid out this top bounty, but not the first time it's paid Glazunov. He's also been paid $1,337 four times for the "leet" level of vulnerabilities, eleven times for the $1,000-level, and once at the $500 level.
The critical vulnerability relates to a "stale pointer in speech handling," Google said, but hasn't published further details. Critical vulnerabilities let an attacker run arbitrary software on a person's computer just by visiting a Web site.
Google issues Chrome updates automatically, so restarting the browser installs the new version.
Comments