Date: 2023-08-07

Apple's Security Engineering and Architecture (SEAR) team found a high-severity security flaw in Google Chrome, leading to a $15,000 bug bounty payout from Google for the responsible disclosure.

According to a Forbes report, Google recently confirmed that its Chrome web browser had a high-severity vulnerability, discovered by Apple's Security Engineering and Architecture (SEAR) team. The Cupertino-based tech giant's SEAR team aims to provide a solid security foundation for all Apple products, focusing primarily on vulnerabilities within iOS. If the team uncovers a vulnerability in a third-party product during its ongoing security process, it will engage in responsible disclosure. This particular revelation appeared in an August 2 Chrome update announcement addressing 11 security fixes resulting from external vulnerability reports.

The vulnerability in question, CVE-2023-4072, involves an "out of bounds read and write" issue within Chrome's WebGL implementation. According to the threat intelligence-based Vulnerability Database, this vulnerability affects confidentiality, integrity, and availability, and requires user interaction for successful exploitation. As of now, no known active exploits exist.

Google awarded a total of $123,000 in bug bounties for confirmed vulnerabilities in the latest Chrome update, which upgrades the browser to versions 115.0.5790.170 for Mac and Linux, and 115.0.5790.170/.171 for Windows. The largest payout of $23,000 went to "Jerry" for CVE-2023-4068, a type confusion vulnerability in Chrome's V8 JavaScript engine. Jerry received an additional $20,000 for another type confusion vulnerability, CVE-2023-4070.

