Ralf-Philipp Weinmann, earlier this month, received a record payout of $31,336 from Google under the Chromium Vulnerability Rewards Program. As part of the update, to version 26.0.1410.57, Google closed four security holes in Chrome OS fixing three vulnerabilities rated with a severity of High and one rated Medium.

Weinmann discovered the vulnerabilities that affect the operating systems o3D plugin and includes a problem with uninitialized memory left in the buffer. The O3D plugin is used as an API that enables developers to create 3D applications to be deployed as web applications.

He received the large reward by chaining these flaws together to produce an exploit of Chrome OS. He demonstrated the exploit code and a "very detailed write-up", according to Google. The third High-rated vulnerability was another origin lock bypass in O3D and Google Talk, which was discovered by a member of the Google Chrome Security Team.