"Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104"

With the recent release of Chrome 104, Google patched 27 vulnerabilities, and the researchers who reported some of these security holes earned thousands of dollars in bug bounties. Google paid out approximately $90,000 for the flaws patched in the latest version of Chrome, but it has yet to determine the rewards for two of the issues, including a high-severity bug. The highest bug bounty, $15,000, was earned by an anonymous researcher who discovered a use-after-free vulnerability in the Omnibox component. It was noted that use-after-free vulnerabilities are commonly found in Chrome. These types of flaws can often be exploited to escape the browser's sandbox, but in many cases they are only useful to attackers when combined with other flaws. Researchers at 360 Alpha Lab earned $10,000 for reporting a use-after-free vulnerability in the Safe Browsing component. The researchers were also awarded an additional $7,000 for two other vulnerabilities they reported. Others who reported vulnerabilities received between $1,000 and $7,000 for their findings. Google noted that none of the vulnerabilities appear to have been exploited in attacks.

 

SecurityWeek reports: "Google Paid Out $90,000 for Vulnerabilities Patched by Chrome 104"

Submitted by Anonymous on