Security News > 2021 > March > Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape
Researchers from Chinese cybersecurity company Qihoo 360 have earned another $20,000 from Google for a sandbox escape vulnerability affecting the Chrome web browser.
Google informed Chrome users on Tuesday that an update for version 89 contains eight security fixes, six of them for vulnerabilities reported by external researchers.
Leecraso told SecurityWeek that the vulnerability, tracked as CVE-2021-21194, can be exploited to escape the Chrome sandbox.
If exploited in combination with a renderer bug, it can allow an attacker to remotely execute arbitrary code outside the Chrome sandbox on the targeted user's device.
Over the past year, 360 Alpha Lab researchers Rong Jian, Leecraso and Guang Gong have received more than $150,000 for security holes discovered in Chrome, and there still appear to be several critical and high-severity vulnerabilities for which Google has yet to determine the bug bounty.
These researchers have been named in at least 17 Chrome advisories over the past year.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-09 | CVE-2021-21194 | Use After Free vulnerability in multiple products. Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |