Chrome development is Open Source. All you have to do is submit dodgy code in the first place hoping it doesn't get caught and later, under a different ID (or an chummy criminal pal), the fix for the bug you created in the first place. The bigger the initial cock-up the more handsome the latter reward. Win-win situation, except for the user that is. You can even make a few extra bob -or a lot of them- by selling the exploit in the black market in between.