Google has paid out a total of $40,000 for a couple of vulnerabilities that can be exploited to escape Chrome’s sandbox.
Google announced the launch of a Chrome 77 update last week. Critical usage after free bug in UI revealed to Khalil Zhani; two high-severity after-free usage bugs in the media element; and a high-severity use-after-free in offline websites reported by Brendon Tiszka. Critical user-free bug in UI is expected to tackle four vulnerabilities.
While Google still has to figure out how much Zhani and Tiszka will be awarded for their results, the tech giant has chosen to pay $20,000 to every media vulnerability.
The faults were reported to Google by Man Yue Mo of the Semmle Security Research Team as CVE-2019-13688 and CVE-2019-13687.
Fermín Serna, Semmle’s CSO, informed that vulnerabilities are not of great use to attackers, but can be extremely valuable if they are coupled with a different kind of vulnerability.
“Both vulnerabilities call for an already compromised renderer and allow Chrome to break out of the sandbox. This implies that a further vulnerability is required to browse a website and to execute unsandboxed code first. It remains very important that Chrome mitigations can be circumvented, “he said via email.
Serna claims his business requested Google to give the prize of $40,000. Google says in its Chrome Vulnerability Reward Program that it is ready to double donations if scientists want to give a registered charity their reward.
Recently, Semmle has also received a Facebook $10,000 reward for a critical DoS vulnerability in the Fizz TLS library. This bounty was also donated to charities and Facebook doubled the quantity.
The firm was also credited last year to find a critical remote code execution vulnerability in the open source development framework Apache Struts 2.
In August 2018, after raising $21 million in a series-B round of financing, Semmle announced its worldwide launch. The firm provides systems that assist organisations to identify code mistakes that can lead to critical vulnerabilities, and for these techniques, the GitHub owned by Microsoft has lately been purchased.