Chrome 101 was published to the stable channel this week, with 30 security patches inside, including 25 for vulnerabilities discovered by outside security researchers.
The most crucial of these updates addresses a high-severity use-after-free vulnerability in the Vulkan open standard for 3D graphics and compute. SeongHwan Park (SeHwa) reported the flaw, which was tracked as CVE-2022-1477, and was rewarded with a 10,000 USD bug bounty. With the release of Chrome 101, six further high-severity problems were patched, four of which are use-after-free flaws affecting the SwiftShader 3D renderer, the Angle WebGL backend, the Device API, and the Sharing component.
Google claims to have given out 7,000 USD in bug bounties for each of the SwiftShader and Angle faults, as well as 6,000 USD and 5,000 USD for the Device API and Sharing concerns, respectively.