
Google paid over $130K in bounty rewards for the issues addressed with the release of Chrome 93


Google announced the release of Chrome 93, which addresses 27 security vulnerabilities; 19 of the issues were reported through its bug bounty program.

Google announced the release of Chrome 93 for Windows, Mac and Linux that addresses a total of 27 flaws, including 19 vulnerabilities that were reported through its bug bounty program. Google paid over $130,000 in bounty rewards for the issues addressed with the Chrome 93.0.4577.63 release.

“The Chrome team is delighted to announce the promotion of Chrome 93 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.” reads the advisory. “Chrome 93.0.4577.63 contains a number of fixes and improvements — a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 93.”

The list of vulnerabilities addressed by Google includes five high-severity use-after-free flaws reported by external researchers.

The most severe flaw, tracked as CVE-2021-30606, is a use-after-free in Blink that was reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab. The bug was reported on 2021-07-28, and Google awarded it a $20,000 bounty reward.

The three remaining high-severity use-after-free issues were respectively tracked as CVE-2021-30607, CVE-2021-30608, and CVE-2021-30609. Below is the list of the issues and related awards:

  • CVE-2021-30607 – Use after free in Permissions received a $10,000 bounty reward.
  • CVE-2021-30608 – Use after free in Web Share received a $7,500 bounty reward.
  • CVE-2021-30609 – Use after free in Web Share received a $5,000 bounty reward.

Google also fixed a high-severity use-after-free issue, tracked as CVE-2021-30610, in Extensions API. The vulnerability was reported by Igor Bukanov from Vivaldi on 2021-04-19.

Another 12 medium-severity vulnerabilities included five use-after-free issues, affecting WebRTC, Base internals, Media, and WebApp Installs. The flaws received bounty rewards from $10,000 up to $20,000.

Google also fixed other medium-severity vulnerabilities including cross-origin data leak, heap buffer overflow, policy bypass, inappropriate implementation, UI spoofing (two bugs), and insufficient policy enforcement.

Google also paid a $10,000 reward for a low-severity issue.


Pierluigi Paganini

(SecurityAffairs – hacking, Google)
