[BreachExchange] Google Awards $42,000 for Two Serious Chrome Vulnerabilities

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Aug 17 11:47:01 EDT 2021


https://www.securityweek.com/google-awards-42000-two-serious-chrome-vulnerabilities

Arriving on Windows, Mac, and Linux computers as Chrome 92.0.4515.159, the
latest browser iteration packs a total of 9 security fixes, including 7 for
bugs identified by external security researchers.

The most severe of these are CVE-2021-30598 and CVE-2021-30599, two type
confusion issues in the V8 JavaScript engine that were identified and
reported in July by Manfred Paul. Google paid the researcher $21,000 for
each of these security flaws.

The researcher told SecurityWeek that type confusion bugs can typically be
exploited by luring the targeted user to a malicious website, and they
allow the attacker to achieve arbitrary code execution in the renderer
process. However, he noted that a separate vulnerability is needed to
escape the Chrome sandbox.

Researchers have found plenty of Chrome sandbox escape vulnerabilities in
the past few years, and Google typically awards significant bug bounties
for these types of flaws.

The Internet search giant also patched a use-after-free bug in Printing
(CVE-2021-30600, reported by Leecraso and Guang Gong of 360 Alpha Lab) and
another in Extensions API (CVE-2021-30601, reported by koocola and Nan Wang
of 360 Alpha Lab).

The company paid $20,000 in bug bounties for each of these issues.

Google has yet to reveal the bounty amount for two other use-after-free
vulnerabilities – one in WebRTC (CVE-2021-30602) and another in ANGLE
(CVE-2021-30604). In addition, a high-severity race condition in WebAudio
(CVE-2021-30603) was reported by a Google researcher.

This year, Google patched more than half a dozen actively exploited
zero-day vulnerabilities in Chrome, along with security flaws that could be
exploited through malicious extensions, but also announced a series of
overall security and privacy improvements in the browser.