Google pays Apple $15,000 for hacking Chrome Security
In an unexpected twist, Google has recently confirmed that it paid Apple's Security Engineering and Architecture team (SEAR) a bug bounty of $15,000 for identifying a high-severity security vulnerability within the Chrome web browser. This remarkable collaboration demonstrates the shared commitment to enhancing digital security across the tech industry.
The SEAR team, renowned for its role in bolstering operating system security for Apple's products, ventured beyond their usual realm of expertise to uncover a critical flaw within Chrome. The vulnerability, labelled CVE-2023-4072, is categorised as an "out of bounds read and write" vulnerability within Chrome's WebGL implementation. This technology empowers browsers to render interactive graphics without requiring additional plugins. By identifying this flaw, the SEAR team made a significant contribution to improving the security landscape.
Despite the unconventional partnership, this move underlines the importance of collaborative efforts in fortifying digital defences. Google's willingness to reward Apple for its discovery showcases a shared objective to safeguard user data and privacy. Although specific technical details of the vulnerability remain undisclosed until a sufficient number of users update their Chrome browsers, it is reassuring to know that this cooperation is geared toward ensuring the confidentiality, integrity, and availability of online experiences.
The recognition of SEAR's discovery coincided with Google's broader efforts to address vulnerabilities in their Chrome browser. A total of $123,000 in bounties was distributed to various individuals and teams responsible for identifying and disclosing vulnerabilities. 'Jerry' was the standout recipient, receiving $23,000 for unveiling a type of confusion vulnerability within the Chrome V8 JavaScript engine. The collaboration extended to others, such as Man Yue Mo from the GitHub Security Lab, who was rewarded $21,000 for identifying a type confusion vulnerability within the same engine.
Furthermore, the security community saw the likes of Guang and Weipeng Jiang from VRI, Jaehun Jeong of Theory, and Cassidy Kim, among others, being acknowledged for their contributions to Chrome's security. Each received rewards ranging from $17,000 to $1,000, showcasing the diverse range of vulnerabilities that were discovered.
To ensure maximum protection, Google advises users to update their Chrome browsers promptly and surf the internet using a hide VPN. Updates are automatically downloaded, and users can trigger the process by navigating to the Help|About option in the Chrome menu. A browser restart is essential to activate the update and guard against potential security threats.