Security News > 2020 > August > Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome
Google this week announced that an update for Chrome 84 includes 15 security patches, including for a serious vulnerability for which the tech giant awarded a $10,000 bug bounty.
This vulnerability is CVE-2020-6542, a high-severity use-after-free bug in ANGLE, the Chrome component responsible for translating OpenGL ES API calls to hardware-supported APIs available for the operating system.
Discovered by Piotr Bania of Cisco Talos, the remote code execution vulnerability is easy to exploit, as the attacker only needs to set up a website containing malicious code that would be triggered upon user visit.
Google awarded the security researcher a $10,000 bug bounty reward for reporting this vulnerability.
Google has yet to provide information on the bug bounties paid to the reporting researchers.
News URL
Related news
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-21 | CVE-2020-6542 | Use After Free vulnerability in multiple products Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |