Google has reportedly paid Apple for their assistance in uncovering a significant security vulnerability in Google Chrome, the popular web browser.
The vulnerability, CVE-2023-4072, involves an “out of bounds read and write” flaw within Chrome’s WebGL implementation.
Apple’s Security Engineering and Architecture team, known as SEAR, played a crucial role in discovering this high-severity vulnerability. Although SEAR primarily focuses on Apple’s products, they responsibly disclose any vulnerabilities they come across in third-party products during their security investigations.
As a gesture of appreciation, Google rewarded the SEAR team with a bug bounty of $15,000 for their discovery and disclosure of the flaw, as reported by Forbes.
Bug bounty programs are a common practice in the tech industry: companies offer monetary rewards to individuals or teams who responsibly report security vulnerabilities.
WebGL, the JavaScript application programming interface responsible for rendering interactive graphics within the browser without the need for plugins, was found to be affected by this out-of-bounds read-and-write vulnerability.
The flaw allows a malicious program to read and write data beyond the allocated memory area, potentially compromising the system’s confidentiality, integrity, and availability.
In response to this discovery, Google swiftly issued an update for Chrome, which includes fixes for 11 security vulnerabilities reported by external contributors. To minimize the risk of exploitation, Google has chosen to withhold specific technical details of the flaw until many Chrome users have applied the update.
There are no known exploits for this particular vulnerability, and successful exploitation would require user interaction. Despite this, users must remain vigilant and promptly apply software updates to protect their systems and data from potential threats.
As the incident unfolds, both Google and Apple continue to demonstrate their commitment to enhancing cybersecurity by collaborating on responsible disclosure and addressing vulnerabilities in popular software platforms.