Google has released its latest Chrome update, addressing 11 security issues that were reported by external contributors highlighting vulnerabilities. Apple’s Security Engineering and Architecture team (SEAR) played a crucial role in identifying a significant security flaw in the Chrome web browser, for which Google has rewarded Apple with a bug bounty of $15,000. This reflects the collaborative efforts between technology giants in enhancing security.
The specific vulnerability, designated as ‘CVE-2023-4072,’ pertains to an “out of bounds read and write” bug within Chrome’s WebGL implementation. WebGL serves as the JavaScript application programming interface responsible for rendering interactive graphics within web browsers without requiring additional plug-ins.
Notably, Google’s bug bounty program extended rewards totaling $123,000 for various identified vulnerabilities. The company has updated the Stable Chrome channel to versions 115.0.5790.170 for Mac and Linux, as well as 115.0.5790.170/.171 for Windows. These updates will be gradually rolled out to users in the forthcoming days and weeks to ensure enhanced security.
Google emphasized that access to specific bug details may be restricted until a majority of users have received the necessary updates to address the vulnerabilities. This approach aims to mitigate risks while fostering responsible collaboration between different projects and third-party libraries.
Overall, this highlights the ongoing commitment of tech companies to maintain and strengthen the security of their products, utilizing cross-industry cooperation to identify and rectify potential threats.
