Google awards $15K to Apple security team for finding bug in Chrome

Google has awards $15,000 as bug bounty to Apple for spotting a high-severity security vulnerability in the Chrome web browser.

Apple’s Security Engineering and Architecture team found the bug and reported to Google for discovery and disclosure, reports Forbes. 

Google disclosed in its latest Chrome update, confirming 11 security fixes as a result of external contributor vulnerability reports.

Google LLC is an American multinational technology company focusing on artificial intelligence, online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, and consumer electronics.

Apple’s SEAR team is tasked with providing the foundation for operating system security across all product lines at the tech giant. 

“If they happen to come across something that relates to a third-party product as part of this ongoing security process, then a responsible disclosure will be made,” according to the report.

The ‘CVE-2023-4072’ vulnerability is an “out of bounds read and write” bug within Chrome’s WebGL implementation. 

WebGL is the JavaScript application programming interface that enables. The rendering of interactive graphics within the browser and without any plug-ins being required.

In total, Google awards bounties worth $123,000 for vulnerabilities as part of its bug bounty programme, according to the report.

The company said that the Stable Chrome channel has been updated. To 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, which will roll out over the coming days/weeks. 

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library. That other projects similarly depend on, but haven’t yet fixed,” said Google.

Show More
Back to top button