Google shared details about its long-term plan for memory safety in Chrome this week. It also announced the first stable release Chrome 94 which addresses a total 19 vulnerabilities.
Google decided to address the issue before it gets worse by identifying memory safety issues as the root cause of over 70% of Chrome’s severe bugs last year.
The Internet search giant chose to concentrate on two solutions out of all the possible options. They introduced runtime checks to verify that pointers are correct and sought a different safe memory programming language.
However, it was considered a viable option and Google is currently experimenting with it.
The company is currently only interested in how it can make C++/Rust work together. However, it has already begun non-user-facing Rust experiments.
Chrome 94.0.4606.54 is now available for Windows, Mac, and Linux. It fixes 19 security vulnerabilities, including five high-severity and ten moderate-severity issues, as well as two low-severity ones.
CVE-2021-37956 is the most serious of the severe issues. This flaw can be used in Offline, and Google paid a $15,000 bounty.
The company also paid $7500 for a WebGPU bug, $3,000 for an inappropriate implementation of Navigation, and $1,000 to resolve a Task Manager issue.
Google claims it also paid high rewards to five vulnerabilities of medium severity: $10,000 each for tab strip flaws and one in Performance Manager; $3,000 each side-channel information leakage and ChromeOS Networking inappropriate implementation, and Background Fetch API inappropriate implementation.
Google paid out more than $56,000 in bounty payments to researchers who reported on the issues, though the actual amount could be much greater, as the company has not yet revealed the rewards for seven of them.