Security News > 2021 > January > Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 87 Update
An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity.
The company has awarded more than $100,000 for these vulnerabilities.
Eight of the addressed vulnerabilities are use-after-free bugs impacting various components of the web browser.
Google paid the reporting security researchers $20,000 for each of these vulnerabilities.
Other high-risk flaws the new browser release fixes include insufficient policy enforcement in WebUI, heap buffer overflow in Skia, insufficient data validation in networking, and out of bounds write in V8. Google also addressed high-severity memory corruption vulnerabilities that were identified internally, and which were not issued CVE identifiers, as well as medium-severity bugs.
In an alert issued on Thursday, the Multi-State Information Sharing and Analysis Center warned that these vulnerabilities represent a high risk for large and medium government and business entities and advised them to update as soon as possible.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)