Surprising as it may sound, Google pays Apple for effectively hacking the security of its web browser “Chrome”.
As a result, a high-severity security vulnerability in the Google Chrome web browser was found by Apple’s Security Engineering and Architecture team, Google has confirmed.
Furthermore, Google paid the SEAR team a bug bounty of $15,000 for the discovery and disclosure, Forbes reported.
What Is Apple SEAR?
According to the Cupertino-based technology behemoth “SEAR provides operating system security foundations across all of Apple’s innovative products, including Mac, iPhone, iPad, Apple Watch, and Apple TV”.
While the SEAR researchers are — understandably — best known for uncovering vulnerabilities within iOS and related systems, they make responsible disclosures if they come across something that relates to a third-party product as part of this ongoing security process.
The news of this particular disclosure came in an August 2 Chrome update announcement confirming 11 security fixes as a result of external contributor vulnerability reports, according to Forbes.
Google pays $15,000 for finding bug
The bug — CVE-2023-4072 — is an “out of bounds read and write” vulnerability within Chrome’s WebGL implementation.
“WebGL is the JavaScript application programming interface that enables the rendering of interactive graphics within the browser and without any plug-ins being required,” Forbes wrote.
The out-of-bounds bug allows a programme to read — in this case write — data from outside the bounds of an allocated memory area.
Keeping the technical details restricted until such time that a majority of Chrome users have activated the update, Google hasn’t shared much about this vulnerability.
However, according to Vulnerability Database, a threat intelligence platform: “it is known to affect confidentiality, integrity, and availability.”
Moreover, successful exploitation of the bug requires user interaction and no known exploits are available at this time, according to Vulnerability Database.
