Sandbox escape

Google informed Chrome users that an update for version 89 includes eight security fixes, including for six vulnerabilities reported by external researchers.

The highest reward, $20,000, was awarded to researchers Leecraso and Guang Gong of the 360 Alpha Lab at Qihoo 360. The issue was described by Google as a use-after-free in screen capture.

Vulnerability, tracked as CVE-2021-21194, can be exploited to escape the Chrome sandbox. If exploited in combination with a renderer bug, it can allow an attacker to remotely execute arbitrary code outside the Chrome sandbox on the targeted user’s device.

This is not the first time Researchers have found such a vulnerability in Chrome. These researches have received more than $150,000 for security holes discovered in Chrome, and there still appear to be several critical and high-severity vulnerabilities for which Google has yet to determine the bug bounty.

These researchers have been named in at least 17 Chrome advisories over the past year.The latest Chrome update also patches several other high-severity vulnerabilities, including a use-after-free in the V8 JavaScript engine, two heap buffer overflows in TabStrip, an out-of-bounds read bug affecting IPC, and a use-after-free in Aura.

Google reported last month that it paid out a total of $6.7 million in bug bounties in 2020, and roughly $28 million since its first bug bounty program was launched ten years ago.