Security News > 2021 > August > Google Awards $42,000 for Two Serious Chrome Vulnerabilities
Google on Monday announced that a security update released for the Chrome web browser patches several high-severity vulnerabilities.
Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the latest browser iteration packs a total of 9 security fixes, including 7 for bugs identified by external security researchers.
Google paid the researcher $21,000 for each of these security flaws.
Researchers have found plenty of Chrome sandbox escape vulnerabilities in the past few years, and Google typically awards significant bug bounties for these types of flaws.
Google has yet to reveal the bounty amount for two other use-after-free vulnerabilities - one in WebRTC and another in ANGLE. In addition, a high-severity race condition in WebAudio was reported by a Google researcher.
This year, Google patched more than half a dozen actively exploited zero-day vulnerabilities in Chrome, along with security flaws that could be exploited through malicious extensions, but also announced a series of overall security and privacy improvements in the browser.
News URL
Related news
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature (source)
- New Google Chrome feature will translate complex pages in real time (source)