Chrome is touting beefed-up safety with the discharge of Chrome 106, which fixes 20 current bugs, 5 of them high-severity.
Of the 20 whole safety fixes included, 16 have been discovered by exterior researchers via Google’s bug bounty program. A weblog submit from Google Chrome’s Srinivas Sista listed the particular CVEs noticed by the bug bounty hunters, together with 5 designated high-severity, that are as follows:
- CVE-2022-3304: Use after free in CSS. Reported by Nameless on 2022-09-01
- CVE-2022-3201: Inadequate validation of untrusted enter in Developer Instruments. Reported by NDevTK on 2022-07-09
- CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Analysis Institute on 2022-04-24
- CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Analysis Institute on 2022-04-27
- CVE-2022-3307: Use after free in Media. Reported by Nameless Telecommunications Corp. Ltd. on 2022-05-08
The largest exterior researcher payout for a lot a bug that contributed to the newest Chrome 106 safety replace, in keeping with Sista, was $9,000, the bottom was $1,000. Many payout quantities for different Chrome bug hunters are listed as “$TBD.”
As regular, Google didn’t checklist any technical particulars of the bugs.
“We’d additionally wish to thank all safety researchers that labored with us in the course of the improvement cycle to stop safety bugs from ever reaching the steady channel,” Sista wrote. “As regular, our ongoing inside safety work was liable for a variety of fixes.”
