According to Forbes, Apple’s Security Engineering and Architecture team discovered the bug and reported it to Google for discovery and disclosure.
Google paid Apple $15,000 as a bug bounty for discovering a high-severity security vulnerability in the Chrome web browser.
Google confirmed 11 security fixes as a result of external contributor vulnerability reports in its latest Chrome update.
Apple’s SEAR team is in charge of laying the groundwork for operating system security across all of the company’s product lines. According to the report, if they come across anything related to a third-party product as part of this ongoing security process, they will make a responsible disclosure. The CVE-2023-4072 flaw is caused by an out-of-bounds read and write bug in Chrome’s WebGL implementation.
WebGL is a JavaScript application programming interface that allows the rendering of interactive graphics within the browser without the use of any plug-ins. According to the report, Google awarded bug bounties totaling $123,000 as part of its bug bounty program. The Stable Chrome channel for Mac and Linux has been updated to 115.0.5790.170/.171 and will be rolled out over the next few days/weeks, according to the company.
“Access to bug details and links may be restricted until the majority of users have received a fix. We will also retain restrictions if the bug exists in a third-party library on which other projects rely but have not yet been fixed,” according to Google.