Security News > 2021 > August > Google Awards $42,000 for Two Serious Chrome Vulnerabilities
Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities.
Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.
Google paid the researcher $21,000 for each of these security flaws.
Researchers have found plenty of Chrome sandbox escape vulnerabilities in the past few years, and Google typically awards significant bug bounties for these types of flaws.
Google has yet to reveal the bounty amount for two other use-after-free vulnerabilities - one in WebRTC and another in ANGLE. In addition, a high-severity race condition in WebAudio was reported by a Google researcher.
This year, Google patched more than half a dozen actively exploited zero-day vulnerabilities in Chrome, along with security flaws that could be exploited through malicious extensions, but also announced a series of overall security and privacy improvements in the browser.
News URL
Related news
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Exploited: Cisco, SharePoint, Chrome vulnerabilities (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)