Google patches 48 security flaws in Chrome web browser
More than $22,000 coughed up in awards to security researchers for uncovering high-risk security flaws
Google has released a total of 48 patches to fix various vulnerabilities in version 52 of its Chrome browser. The patches include a fix for a high-risk vulnerability that could enable an attacker to escape the Chrome sandbox.
The company has paid out more than $22,000 to various security researchers who uncovered the flaws, with payments for 11 more bugs currently pending.
According to Google, 11 of the vulnerabilities were classified as "high risk", the most serious of which was the sandbox escape bug in the Pepper Plugin API (CVE-2016-1706). The Pepper Plugin API is the cross-platform API for native client-secured browser plug-ins, and the bug netted researcher Pinkie Pie some $15,000 for turning it over to Google.
The next-highest amount was netted by researcher 'xisigr' at the Xuanwu labs of Chinese security company Tencent, for a URL spoofing vulnerability in the iOS version of Chrome. Xisigr scooped up $3,000 for their work.
Google's Chrome browser is based on the open-source Chromium project, which is also used by Opera. Versions of Chromium are available for Windows, Apple OS X, Linux and Android.
Chrome competes head-to-head with Internet Explorer as the most widely used web browser. Chrome is much more widely used on mobile devices via the Android operating system, while Internet Explorer, which has been discontinued by Microsoft in favour of its new browser Edge, is widely used on laptop and desktop PCs.