Google Awards Over $60,000 for V8 Vulnerabilities Patched With Chrome 115 Update


Google on Wednesday announced a Chrome 115 update that patches 17 vulnerabilities, including 11 flaws reported by external researchers.

The browser update resolves three high-severity type confusion bugs in the V8 JavaScript and WebAssembly engine that earned the reporting researchers over $60,000 in bug bounties, Google notes in its advisory.

The internet giant says it handed out $43,000 in rewards to a security researcher named ‘Jerry’, who reported two of these V8 issues, tracked as CVE-2023-4068 and CVE-2023-4070.

A $21,000 bug bounty was awarded to Man Yue Mo of GitHub Security Lab, for reporting the third type confusion bug, tracked as CVE-2023-4069.

The latest Chrome update resolves six other high-severity vulnerabilities. Based on the paid bug bounties, the most severe of these is CVE-2023-4071, a heap buffer overflow bug in Visuals.

Next in line is an out-of-bounds read and write issue in WebGL (CVE-2023-4072), followed by an out-of-bounds memory access flaw in the ANGLE graphics engine abstraction layer (CVE-2023-4073).

The remaining three high-severity security defects that were externally reported are use-after-free vulnerabilities in Blink Task Scheduling, Cast, and WebRTC.

Advertisement. Scroll to continue reading.

The latest Chrome iteration also resolves two medium-severity bugs in Extensions: an insufficient data validation and an inappropriate implementation issue.

Google says it handed out a total of $123,000 in bug bounty rewards to the reporting researchers.

The latest Chrome release is currently rolling out as version 115.0.5790.170 for Mac and Linux and as versions 115.0.5790.170/.171 for Windows.

Google makes no mention of any of these vulnerabilities being exploited in attacks.

Related: Chrome 115 Patches 20 Vulnerabilities

Related: Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?

Related: Chrome 114 Update Patches Critical Vulnerability



Source link