Google awards $15K to Apple security team for finding bug in Chrome


New Delhi, Aug 5 (IANS): Google has awarded $15,000 as bug bounty to Apple for spotting a high-severity security vulnerability in the Chrome web browser.

Apple’s Security Engineering and Architecture team found the bug and reported to Google for discovery and disclosure, reports Forbes.

 

Google disclosed in its latest Chrome update, confirming 11 security fixes as a result of external contributor vulnerability reports.

 

Apple’s SEAR team is tasked with providing the foundation for operating system security across all product lines at the tech giant.

 

“If they happen to come across something that relates to a third-party product as part of this ongoing security process, then a responsible disclosure will be made,” according to the report.

 

The ‘CVE-2023-4072’ vulnerability is an “out of bounds read and write” bug within Chrome’s WebGL implementation.

 

WebGL is the JavaScript application programming interface that enables the rendering of interactive graphics within the browser and without any plug-ins being required.

 

In total, Google awarded bounties worth $123,000 for vulnerabilities as part of its bug bounty programme, according to the report.

 

The company said that the Stable Chrome channel has been updated to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, which will roll out over the coming days/weeks.

 

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” said Google.

 

 

  

Top Stories


Leave a Comment

Title: Google awards $15K to Apple security team for finding bug in Chrome



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.