Google’s Compensation
Does Google compensate Apple for penetrating Chrome’s defenses? Most people are surprised to learn that Google pays Apple for breaching the security measures of its web browser, Chrome.
Recently, courtesy of Apple’s Security Engineering and Architecture team, a critical security vulnerability was unearthed in the Google Chrome web browser, a fact that Google has officially acknowledged.
Consequently, Google awarded the SEAR team a bug bounty amounting to $15,000 for their discovery and disclosure, as reported by Forbes.
SEAR: Apple’s Security
What is Apple SEAR? In the words of the Cupertino-based technology giant, “SEAR provides the foundational security framework for all of Apple’s innovative products, encompassing Mac, iPhone, iPad, Apple Watch, and Apple TV”.
While the SEAR researchers are, quite understandably, renowned for unveiling vulnerabilities within iOS and associated systems, they dutifully disclose any relevant findings regarding third-party products, as part of their ongoing security regimen.
The announcement of this specific revelation was included in an August 2nd update for Chrome, confirming 11 security enhancements resulting from external contributor vulnerability reports, according to Forbes.
Bug Bounty Recognition
Google disburses $15,000 for bug detection
The identified bug — designated CVE-2023-4072 — entails an “out of bounds read and write” vulnerability within Chrome’s WebGL implementation.
Forbes elucidated, “WebGL serves as the JavaScript application programming interface facilitating the rendering of interactive graphics within the browser, devoid of the need for any plug-ins.”
The out-of-bounds flaw permits a program to read or, in this case, write data beyond the allocated memory bounds.
Technical Disclosure
Google has opted not to divulge extensive information regarding this vulnerability, and technical details are being withheld until a significant number of Chrome users have installed the update.
However, according to the Vulnerability Database, a platform for threat intelligence: “it is recognized to impact confidentiality, integrity, and availability.”
Furthermore, to exploit the bug successfully, user engagement is necessary, and as of the present moment, no known exploits have been identified, as stated by the Vulnerability Database.