Chromium Security Rewards Program, which reflects several of core security principles: engaging the community, building defense in depth, and particularly making the web safer for everyone – today expands its scope to formally include more items:
- “High-severity Chromium OS security bugs are now in scope. Chromium OS includes much more than just the Chromium browser, so we’re rewarding security bugs across the whole system, as long as they are high severity and present when “developer mode” is switched off. Examples of issues that may generate a reward could include (but are not limited to):
- Renderer sandbox escapes via Linux kernel bugs.
- Memory corruptions or cross-origin issues inside the Pepper Flash plug-in.
- Serious cross-origin or memory corruption issues in default-installed apps, extensions or plug-ins.
- Violations of the verified boot path.
- Web- or network-reachable vulnerabilities in system libraries, daemons or drivers,” informs Google.
Chromium team notes, “Chromium OS security bugs should be reported in the Chromium OS bug tracker, whilst security bugs affecting the desktop Chromium browser should be reported in the Chromium bug tracker.”
- Adding, the team said, “we may elect to issue “bonuses” ranging from $500 to $1000 if a bug reporter takes on fixing the bug they’ve found themselves. For eligibility, this process involves working with the Chromium community to produce a peer reviewed patch. These bonuses are granted on top of the base reward, which typically runs between $500 and $3133.70.”
The base reward for a well-reported and significant cross-origin bug (for example a so-called UXSS or “Universal XSS”) is now $2000.
Also, Chrome 18.0.1025.11 Beta Channel released today for Windows, Mac, Linux, and Chrome Frame contains improvements including GPU accelerating 2D Canvas, and enabling 3D content for older GPUs.
Chrome is now able to display 3D content via SwiftShader, a software rasterizer which automatically kicks in for those users who cannot run content on the GPU.
“Licensed from TransGaming, Inc. Although SwiftShader won’t perform as well as a real GPU, it will be an improvement for many of our users on older operating systems such as Windows XP,” informs Google.
Finally, Chrome Beta 18 enabled GPU-accelerated rendering of 2D Canvas content, so that canvas-based games and animations run faster and feel smoother. You can go to chrome://gpu to see which features are being accelerated.