Aug 07, 2023 7:06 pm
Google Pays $15,000 Bug Bounty to Apple Security Team
Odaily Planet Daily News Google confirmed that Apple's security engineering and architecture team found a high-severity security vulnerability in the Chrome web browser. Additionally, the Apple SEAR team received a $15,000 bounty from Google for discovering and disclosing the vulnerability.
Google confirmed 11 security fixes due to bug reports from outside contributors in a Chrome update bulletin published on August 2. CVE-2023-4072 is an "out-of-bounds read and write" vulnerability in Chrome's WebGL implementation.
WebGL is a JavaScript application programming interface that can render interactive graphics in the browser without any plugins. If an out-of-bounds vulnerability exists, a program can read data (in this case write data) from outside the bounds of the allocated memory region.
Google didn't reveal much about the vulnerability, instead limiting technical details until most Chrome users activate the update. Additionally, VulnDB notes that user interaction is required for successful exploitation of the vulnerability. There are also currently no known exploits available. (Forbes)