Google has released Chrome 114 update, addressing four vulnerabilities, with three high-severity bugs discovered by external researchers.
The company distributed a total of $35,000 in bug bounty rewards to the reporting researchers. The highest payout of $20,000 went to GitHub Security Lab researcher Man Yue Mo, who identified a type confusion issue in Chrome’s V8 JavaScript rendering engine (CVE-2023-3420).
Another significant vulnerability (CVE-2023-3421), a use-after-free issue in Media, earned a $10,000 bug bounty for Cisco Talos researcher Piotr Bania. Use-after-free vulnerabilities, known for causing memory corruption, can result in arbitrary code execution, data corruption, or denial of service.
In Chrome, such flaws may lead to a sandbox escape if attackers target a privileged browser process or exploit vulnerabilities in the underlying operating system.
The third reported bug, CVE-2023-3422, is a use-after-free flaw in Guest View, and Google rewarded the security researcher ‘asnine’ with a $5,000 bounty. Despite these vulnerabilities, Google has not reported any instances of them being exploited in attacks.
