Google published an update for Chrome 90 this week that addresses yet another significant flaw in the web browser’s V8 JavaScript engine. Researchers from Chinese cybersecurity company Singular Security Lab reported the bug – CVE-2021-21227- to Google, with a high severity rating.
For disclosing the flaw, which Google identified as “insufficient data validation in V8,” the researcher was paid $15,000.
In recent weeks, Google has fixed a number of critical V8 bugs, including those for which proof-of-concept exploits were released before patches were released. Google warned that vulnerabilities exist in the wild for some of these security flaws.
To Read More: securityweek
