Google Pays Out $36,000 for Severe Chrome Vulnerability

Google on Tuesday announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers.

The most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which Google handed out a $36,000 bug bounty reward.

The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking.

Medium-severity inappropriate implementation flaws in Web Authentication, PictureInPicture, and Permissions, and an insufficient data validation issue in Downloads were also resolved.

In its advisory, the internet giant notes that most of the vulnerabilities were reported over the past couple of months, except for the inappropriate implementation bug in PictureInPicture, which was reported in November 2023, and the insufficient data validation bug in Downloads, which was reported in March 2024.

The update also fixes low-severity inappropriate implementation flaws in Payments and Navigations and an insufficient data validation bug in DevTools.

Google says it has paid out $72,000 in bug bounty rewards to the reporting researchers. However, it has yet to determine the amount to be handed out for the insufficient data validation issue in Downloads.

The internet giant makes no mention of any of these vulnerabilities being exploited in the wild. Users are advised to update their browsers as soon as possible.

The latest Chrome iteration is now rolling out as versions 130.0.6723.58/.59 for Windows and macOS, and as version 130.0.6723.58 for Linux.

Google also pushed Chrome for Android version 130.0.6723.58 to a small percentage of users. Containing the same fixes as Chrome 130 for desktop, the updated mobile browser will become available in Google Play shortly.
