Google Chrome 26, the latest version of the company's browser, is out and it contains a number of security patches, most notably a fix for a high-priority use-after-free vulnerability in the Web Audio component of the browser.

That vulnerability, discovered and reported by Atte Kettunen, is the only one in Chrome 26 for which Google paid a bug bounty as part of its reward program. All of the other vulnerabilities were discovered by members of the company's own security team or the bugs just didn't qualify for a reward. This continues a somewhat recent trend of the number of vulnerabilities qualifying for rewards from Google declining as it becomes more and more difficult to find serious bugs in the browser.

Google has raised the amount of money paid for serious vulnerabilities in order to attract more submissions from security researchers, but the improved defenses in Chrome have made life more difficult for would-be submitters.