Google has awarded more than USD 25,000 to the researchers who discovered the vulnerabilities that were patched with the release of Chrome 109.
The company notified users that six security flaws in Chrome had been patched, including four that were discovered by outside researchers. High-severity use-after-free problems affecting the WebTransport and WebRTC components make up two of them. The flaws were reported by researchers Chichoo Kim and Cassidy Kim, who received a total of USD 19,000 for their work.
The CVE numbers for these flaws are 2023-0471 and 2023-0472. Chrome use-after-free bugs are frequently exploitable for remote code execution and sandbox escapes, but frequently they need to be chained with other vulnerabilities.
Read More: Security Update for Chrome 109 Patches 6 Vulnerabilities
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.