Chrome Critical Vulnerability Resolved: Experts Rewarded $16,000 for Finding the Fix

This week, Google released an update for Chrome 124 that fixes four vulnerabilities, including a critical issue, CVE-2024-4058, in ANGLE (Almost Native Graphics Layer Engine).

Given that the vulnerability has been assigned a “critical” rating and it is a type confusion bug, it is likely that it can be remotely exploited for arbitrary code execution or sandbox escape with limited user interaction. It is worth noting that only a few vulnerabilities in Chrome have been classified as “critical” in recent years.

Google thanked the specialists from Qrious Secure for discovering CVE-2024-4058. The researchers received a reward of $16,000 for their findings.

Qrious Secure also reported at least two more vulnerabilities in Chrome to Google: CVE-2024-0517, which allows remote code execution, and CVE-2024-0223, which, according to the researchers, “can be directly used via JavaScript, potentially providing GPU privileges.” Both issues were resolved earlier this year.

Google has not reported that CVE-2024-4058 is already being exploited by attackers. However, attackers often exploit type confusion bugs found in Chrome, although such vulnerabilities more often affect the V8 JavaScript engine.
