In an unexpected twist, Google has recently confirmed that it paid Apple's Security Engineering and Architecture team (SEAR) a bug bounty of $15,000 for identifying a high-severity security vulnerability within the Chrome web browser. This remarkable collaboration demonstrates the shared commitment to enhancing digital security across the tech industry.
The SEAR team, renowned for its role in bolstering operating system security for Apple's products, ventured beyond its usual realm of expertise to uncover a critical flaw within Chrome. The vulnerability, labelled CVE-2023-4072, is categorised as an "out of bounds read and write" vulnerability within Chrome's WebGL implementation. WebGL is the technology that lets browsers render interactive graphics without requiring additional plugins. By identifying this flaw, the SEAR team made a significant contribution to improving the security landscape.
Despite the unconventional partnership, this move underlines the importance of collaborative efforts in fortifying digital defences. Google's willingness to reward Apple for its discovery showcases a shared objective to safeguard user data and privacy. Although specific technical details of the vulnerability remain undisclosed until a sufficient number of users update their Chrome browsers, it is reassuring to know that this cooperation is geared toward ensuring the confidentiality, integrity, and availability of online experiences.
Furthermore, Guang and Weipeng Jiang from VRI, Jaehun Jeong of Theori, and Cassidy Kim, among others, were acknowledged for their contributions to Chrome's security. Their rewards ranged from $17,000 to $1,000, showcasing the diverse range of vulnerabilities that were discovered.
To ensure maximum protection, Google advises users to update their Chrome browsers promptly and surf the internet using a hide VPN. Updates are downloaded automatically, and users can trigger the process themselves by navigating to Help > About in the Chrome menu. A browser restart is required to activate the update and guard against potential security threats.