Chrome 93 – Bug Bounty Release
Google released Chrome 93 for Windows, Mac and Linux, which addresses a total of 27 flaws, including 19 vulnerabilities that were reported through its bug bounty program. Google paid over $130,000 in bounty rewards for the issues addressed with the latest release.
The Chrome team is delighted to announce the promotion of Chrome 93 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 93.0.4577.63 contains a number of fixes and improvements.
The list of vulnerabilities addressed by Google includes five high-severity use-after-free flaws reported by external researchers.
The most severe flaw, tracked as CVE-2021-30606, is a use-after-free in Blink. The bug was reported on 2021-07-28 and Google awarded it a $20,000 bounty reward. The three remaining high-severity use-after-free issues were respectively tracked as CVE-2021-30607, CVE-2021-30608, and CVE-2021-30609.
Below is the list of the issues and related awards:
- CVE-2021-30607 – Use after free in Permissions received a $10,000 bounty reward.
- CVE-2021-30608 – Use after free in Web Share received a $7,500 bounty reward.
- CVE-2021-30609 – Use after free in Web Share received a $5,000 bounty reward.
Google also fixed a high-severity use-after-free issue, tracked as CVE-2021-30610, in the Extensions API. The 12 medium-severity vulnerabilities included five use-after-free issues, affecting WebRTC, Base internals, Media, and WebApp Installs.
Google also fixed other medium-severity vulnerabilities including cross-origin data leak, heap buffer overflow, policy bypass, inappropriate implementation, UI spoofing (two bugs), and insufficient policy enforcement.