UNITED STATES: In an unexpected twist of events, Apple’s Security Engineering and Architecture team (SEAR) recently discovered a high-severity security vulnerability within Google Chrome, the widely used web browser.
Following the responsible disclosure of the flaw, Google promptly awarded the SEAR team a bug bounty of $15,000 as a token of appreciation for their contribution to online safety.
The critical bug, identified as CVE-2023-4072, resides in Chrome’s WebGL implementation. WebGL, a JavaScript API, allows browsers to render interactive graphics without the need for additional plug-ins. However, it seems that this very functionality contained a weakness that could have had serious implications for Chrome users.
An “out of bounds read and write” vulnerability was found by the SEAR researchers, meaning that a program could read or write data from areas outside the allocated memory space.
Such a flaw could have potentially compromised the confidentiality, integrity, and availability of user data, leading to serious security concerns.
Google acted swiftly in response to the disclosure and released an update patch on August 2nd. The company, however, chose to withhold specific technical details about the bug to avoid exploitation by malicious actors until a significant portion of Chrome users had installed the security update.
The bug bounty program is a well-established practice in the tech industry, where companies incentivize security researchers to report vulnerabilities responsibly.
Google’s acknowledgment and reward of Apple’s SEAR team demonstrate the cooperative efforts between tech giants to ensure the safety and security of users’ online experiences.
SEAR, renowned for its exceptional work in providing operating system security foundations across Apple’s diverse product lineup, including the Mac, iPhone, iPad, Apple Watch, and Apple TV, remains proactive in seeking out vulnerabilities beyond its ecosystem.
When they discover security flaws that impact third-party products, the team diligently follows the responsible disclosure process.
The collaboration between Apple and Google, often viewed as competitors in various domains, highlights the importance of information sharing and cooperation to protect users from potential cyber threats.
Bug bounty programs play a crucial role in motivating security researchers to report vulnerabilities responsibly, thereby bolstering the overall security posture of the digital landscape.
At this time, there are no known exploits for CVE-2023-4072, and successful exploitation of the vulnerability requires user interaction. Google has urged Chrome users to promptly update their browsers to the latest version to ensure protection against potential threats.
Also Read: Google Introduces New Feature Allowing Users to Easily Manage Personal Info in Search Results
