With the release of Chrome 104 on Tuesday, Google patched 27 vulnerabilities, and the researchers who discovered some of these security flaws received thousands of dollars in bug bounties.
The internet giant has awarded rewards for the flaws fixed in the most recent version of Chrome totaling about USD 90,000, but it has not yet decided what will be paid out for two of the problems, including a high-severity bug. An anonymous researcher who identified a use-after-free vulnerability in the Omnibox component received the highest bug bounty, worth USD 15,000.
Use-after-free flaws are frequently discovered in Chrome. These kinds of vulnerabilities can frequently be used to get past the browser’s sandbox, but they are frequently only helpful to attackers when combined with other vulnerabilities.