14 comments

[ 3.1 ms ] story [ 44.7 ms ] thread
Ah, lame. I found a canvas rendering bug back when Chrome first came out. I blogged about it and they fixed it, referencing my blog entry in the steps-to-reproduce portion of the bug report.

I guess I should have held onto it for a couple years and cashed in!

Was it a critical security flaw?
Your canvas rendering bug is probably worth $0; this program is intended to incentivize people to search for security bugs, so that Google (and Mozilla) can win the race against organized criminals doing the same thing.
The article says Google is paying $500 for non-security bugs
They aren't. $500 is for non-severe security bugs.
"Google has also established a bug bounty program, offering $500 for run-of-the-mill flaws..."

So the article is wrong?

Your interpretation of what the Register says is overly optimistic, and is easily refuted by the FAQ on Google's own page. The Reg, when it says "flaws", is (clumsily) implying security flaws as well.

Either way, just to keep this crystal clear: the $500 bounty is for security flaws.

Thanks for clearing that up :)
W0w 7hi5 i5 nic3
Nice, Hugh Hefner was only offering $800.85 for Playboy.com vulnerabilities.
Nice amount. But I'd like it to be the full $31337(why shorten), although I don't plan to find any bugs in Chromium.