Google awards $15K to Apple security team for finding bug in Chrome

NEW DELHI: Google has awarded $15,000 as bug bounty to Apple for spotting a high-severity security vulnerability in the Chrome web browser.

Apple’s Security Engineering and Architecture team found the bug and reported to Google for discovery and disclosure, reports Forbes.

Google disclosed in its latest Chrome update, confirming 11 security fixes as a result of external contributor vulnerability reports.

Apple’s SEAR team is tasked with providing the foundation for operating system security across all product lines at the tech giant.

“If they happen to come across something that relates to a third-party product as part of this ongoing security process, then a responsible disclosure will be made,” according to the report.

The ‘CVE-2023-4072’ vulnerability is an “out of bounds read and write” bug within Chrome’s WebGL implementation.

WebGL is the JavaScript application programming interface that enables the rendering of interactive graphics within the browser and without any plug-ins being required.

In total, Google awarded bounties worth $123,000 for vulnerabilities as part of its bug bounty programme, according to the report.

The company said that the Stable Chrome channel has been updated to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows, which will roll out over the coming days/weeks.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed,” said Google.