A Chrome 95 update released by Google on Thursday patches two actively exploited Chrome vulnerabilities, as well as flaws that were disclosed recently at a Chinese hacking contest.
Google employees have been credited for both zero-day vulnerabilities. No information has been made available regarding the attacks in which these vulnerabilities were exploited.
More than a dozen Chrome vulnerabilities discovered this year have been exploited in the wild, according to data from Google’s Project Zero team.
The latest Chrome 95 update includes eight security fixes, including at least seven classified as high severity. Wei Yuan of MoyunSec VLab earned $10,000 for a use-after-free bug, and while that’s the highest bounty awarded by Google, two of the CVEs patched this week earned two research teams a total of $300,000 at the Tianfu Cup hacking contest that took place recently in China.
The Kunlun Lab and 360 Alpha Lab teams each earned $150,000 for Chrome exploit chains that achieved remote code execution with a sandbox escape. The rewards were paid out by the organizers of Tianfu Cup. Google doesn’t pay out separate rewards for vulnerabilities disclosed at hacking competitions such as Tianfu Cup and Pwn2Own.
SecurityWeek has learned that the Kunlun Lab exploit also involved a Windows kernel bug that has yet to be patched.
At the Tianfu Cup, participants earned a total of $1.9 million for demonstrating exploits targeting Windows 10, Ubuntu, iOS 15 on iPhone 13 Pro, Microsoft Exchange, Chrome, Safari, Adobe Reader, Parallels Desktop, QEMU, Docker, VMware ESXi and Workstation, and ASUS routers.