Six security flaws in Google Chrome have been addressed as part of the browser’s first security update this year, reports SecurityWeek. Included in the patched bugs were four high-severity memory safety vulnerabilities reported by third-party researchers
Qrious Secure researchers were given $15,000 each for identifying the use-after-free and heap buffer overflow bugs in the ANGLE graphics rendering engine, tracked as CVE-2024-0222 and CVE-0223, while an Ant Group Light-Year Security Lab researcher was rewarded $10,000 for discovering the use-after-free issue in the browser’s WebAudio component, tracked as CVE-2024-0224.
Another use-after-free bug in WebGPU, tracked as CVE-2024-0225, has been fixed but the bounty to be given for its discovery has yet to be reported by Google. Such an update comes amid the growing prevalence of mostly high-severity use-after-free vulnerabilities in Chrome, which could be leveraged for denial-of-service and arbitrary code execution, even after Google’s implementation of security enhancements in the browser.