author photo
By Bruce Sussman
Fri | Nov 1, 2019 | 10:25 AM PDT

Google just released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. 

And it closes a Zero Day vulnerability that is being used by attackers.

Says the Chrome Team on its release channel: "Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild."

There are no details, yet, on the exploit.

Google pays security researchers

The Google team says the latest version of Chrome addresses two security bugs. Google paid one researcher $7,500, but the payout for the researchers who discovered the Zero Day that is in use is listed as TBD.

And saying thank you is always free.

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel."

Read (a small amount) more: Google Chrome Releases statement

How do bug bounty programs work?

This out of band security update from Google is evidence that bug bounty programs are working.

What is the impact on the threat landscape? And how do these security research programs work? Plus, how much do white hat hackers get paid? 

We posed these questions to Brian Gorenc who leads the Zero Day Initiative, which is the world's largest vendor agnostic bug bounty program.

Listen to our interview with Gorenc on The SecureWorld Sessions podcast:

Comments