"Google Pays Out $36,000 for Severe Chrome Vulnerability"
Google recently announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers. Google noted that the most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which it handed out a $36,000 bug bounty reward. The update also resolves five medium-severity use-after-free issues, affecting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking. Google said the update resolves medium-severity inappropriate implementation flaws in Web Authentication, PictureInPicture, and Permissions as well, along with an insufficient data validation issue in Downloads. It further fixes low-severity inappropriate implementation flaws in Payments and Navigations and an insufficient data validation bug in DevTools. Google says it has paid the reporting researchers $72,000 in bug bounty rewards. The latest Chrome iteration is now rolling out as versions 130.0.6723.58/.59 for Windows and macOS and as version 130.0.6723.58 for Linux.
SecurityWeek reports: "Google Pays Out $36,000 for Severe Chrome Vulnerability"