Google Awards $10,000 for Remote Code Execution Vulnerability in Chrome
Google this week announced that an update for Chrome 84 includes 15 security patches, among them a fix for a serious vulnerability for which the tech giant awarded a $10,000 bug bounty.
This vulnerability is CVE-2020-6542, a high-severity use-after-free bug in ANGLE, the Chrome component responsible for translating OpenGL ES API calls to hardware-supported APIs available for the operating system.
Discovered by Piotr Bania of Cisco Talos, the remote code execution vulnerability is easy to exploit: the attacker only needs to set up a website containing malicious code that is triggered when a user visits it.
Google awarded the security researcher a $10,000 bug bounty reward for reporting this vulnerability.
Google has yet to provide information on the bug bounties paid to the reporting researchers.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-21 | CVE-2020-6542 | Use After Free vulnerability in multiple products. Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |