» » Google Pays $45,000 for High-Severity Vulnerabilities Found in Chrome

Google Pays $45,000 for High-Severity Vulnerabilities Found in Chrome

Google Pays $45,000 for High-Severity Vulnerabilities Found in Chrome

House › Vulnerabilities

Google Pays $45,000 for Excessive-Severity Vulnerabilities Present in Chrome

By Ionut Arghire on November 09, 2022

Tweet

Google this week introduced the discharge of a Chrome 107 replace that resolves 10 vulnerabilities, together with six high-severity bugs reported by exterior researchers.

4 of the externally reported safety defects are use-after-free points for which Google paid a complete of $45,000 in bug bounty rewards to the reporting researchers.

Based mostly on the obtained reward, $21,000, probably the most extreme of those flaws is CVE-2022-3885, a use-after-free within the V8 open supply JavaScript and WebAssembly engine.

Subsequent in line is CVE-2022-3886, a vulnerability in Chrome’s speech recognition element, for which a researcher obtained a $10,000 bug bounty reward.

Google additionally patched use-after-free vulnerabilities impacting Chrome’s Net Staff and WebCodecs elements and says it has paid $7,000 for every of those points.

The 2 remaining Chrome 107 high-severity vulnerabilities that have been reported externally embody CVE-2022-3889, a kind confusion within the V8 engine, and CVE-2022-3890, a heap buffer overflow in Crashpad.

Google says it has but to find out the bug bounty quantities to be paid for the final two vulnerabilities, that means that the entire handed out to the reporting researchers is perhaps greater than $45,000.

The web large makes no point out of any of those vulnerabilities being exploited in assaults.

The most recent Chrome iteration is now rolling out to macOS and Linux customers as model 107.0.5304.110, and to Home windows customers as model 107.0.5304.106/.107.

Roughly two weeks in the past, Google launched an emergency replace to patch an actively exploited zero-day in Chrome 107.

Associated: Google Releases Emergency Chrome 107 Replace to Patch Actively Exploited Zero-Day

Associated: Google Pays Out Over $50,000 for Vulnerabilities Patched by Chrome 107

Associated: Chrome 106 Replace Patches A number of Excessive-Severity Vulnerabilities

Associated: Chrome 106 Patches Excessive-Severity Vulnerabilities

Get the Day by day Briefing

 
 
 

  • Most Current
  • Most Learn
  • No Cyberattacks Affected US Vote Counting, Officers Say
  • Microsoft Patches MotW Zero-Day Exploited for Malware Supply
  • Safety Posture Administration Agency Veriti Emerges From Stealth With $18.5M in Funding
  • Gaping Authentication Bypass Holes in VMWare Workspace One
  • Google Pays $45,000 for Excessive-Severity Vulnerabilities Present in Chrome
  • Attackers Utilizing IPFS for Distributed, Bulletproof Malware Internet hosting
  • Citrix Patches Vital Vulnerability in Gateway, ADC
  • Intel, AMD Deal with Many Vulnerabilities With Patch Tuesday Advisories
  • SAP Patches Vital Vulnerabilities in BusinessObjects, SAPUI5
  • Google Reveals Spyware and adware Vendor’s Use of Samsung Cellphone Zero-Day Exploits

On the lookout for Malware in All of the Unsuitable Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By means of Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice 12 months To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Methods to Establish Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Engaging

Methods to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

author-Orbit Brain
Orbit Brain
Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.

Cyber Security News Related Articles