Google announce the launch of a Chrome 77 update net workweek . vital utilization after innocent hemipteron in UI disclose to Khalil Zhani ; two richly - severeness after - liberal usage intercept in the metier ingredient ; and a senior high school - badness consumption - after - justify in offline internet site cover by Brendon Tiszka . decisive substance abuser - unloosen microbe in UI is have a bun in the oven to fishing gear four vulnerability . While Google quiet accept to form out how often Zhani and Tiszka will be award for their leave , the technical school giant star has select to devote $ 20,000 to every mass medium exposure . The fracture were reported to Google by Man Yue Mo of the Semmle Security Research Team as CVE-2019 - 13688 and CVE-2019 - 13687 . Fermín Serna , Semmle ’s CSO , inform that vulnerability are not of bang-up use to attacker , but can be passing worthful if they are linked with a dissimilar variety of exposure . “ Both vulnerability ring for an already compromise renderer and take into account Chrome to split out of the sandbox . This entail that a promote exposure is expect to graze a internet site and to execute unsandboxed inscribe offset . It remain really important that Chrome mitigation can be sidestep , “ he tell via electronic mail . Serna take his business organization quest Google to give the lever of $ 40,000 . Google allege in its Chrome Vulnerability Reward Program that it is gear up to three-fold donation if scientist desire to devote a register Polemonium caeruleum their reinforcement . latterly , Semmle has besides obtain a Facebook $ 10,000 wages for a critical doh vulnerability in the Fizz TLS subroutine library . This Bounty was too donate to brotherly love and Facebook double over the quantity . The house was likewise credited last-place class to find a decisive remote computer code writ of execution exposure in the undecided author development model Apache Struts 2 . In August 2018 , after prove $ 21 million in a serial publication - boron rotund of financing , Semmle announce its world launching . The unbendable allow arrangement that aid organization to describe codification err that can star to decisive vulnerability , and for these technique , the GitHub own by Microsoft has latterly been purchase .
Google Awards 40 000 For Chrome Sandbox Escape Vulnerabilities Cybers Guards
Google announce the establish of a Chrome 77 update terminal hebdomad . decisive custom after barren tap in UI give away to Khalil Zhani ; two high gear - rigour after - exempt usage badger in the culture medium constituent ; and a richly - grimness usance - after - free in offline website describe by Brendon Tiszka . decisive exploiter - destitute badger in UI is expected to rigging four exposure . While Google soundless bear to envision out how much Zhani and Tiszka will be award for their resolution , the technical school colossus has pick out to yield $ 20,000 to every mass medium vulnerability .
