Security News > 2021 > August > Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions
A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties.
Google described the issue as a heap buffer overflow in Bookmarks.
These were not the first extension-related Chrome vulnerabilities reported by Erceg to Google.
Another high-severity vulnerability for which Google paid out $20,000 is CVE-2021-30591, a use-after-free bug in the File System API. This issue was discovered by researcher SorryMybad from Kunlun Lab.
It's worth noting that Google pays out up to $20,000 for Chrome sandbox escape vulnerabilities described in a high-quality report.
Google this year patched more than half a dozen actively exploited zero-day flaws.
News URL
Related news
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-26 | CVE-2021-30591 | Use After Free vulnerability in multiple products Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |