June 19, 2024 at 07:21AM
Google announced an update to Chrome 126 containing six security fixes, including four high-severity vulnerabilities reported by external researchers. The first bug, CVE-2024-6100, was reported by Seunghyun Lee at the TyphoonPWN 2024 hacking competition, earning a $20,000 bug bounty. The update also addresses other high-severity flaws and is now rolling out to users.
Based on the meeting notes, the key takeaways are:
– Google announced the release of Chrome 126 update containing six security fixes, including high-severity vulnerabilities reported by external researchers.
– The update addresses a high-severity type confusion issue in the V8 JavaScript engine, reported by Seunghyun Lee at SSD Secure Disclosure’s TyphoonPWN 2024 hacking competition.
– The reporting researcher received a $20,000 bug bounty reward for the finding.
– Another issue addressed is an inappropriate implementation in WebAssembly, with a $7,000 reward provided by Google.
– The update also resolved two high-severity flaws in Dawn, with Google yet to determine the bug bounty amounts for the vulnerabilities.
– Google has released the latest Chrome iteration as version 126.0.6478.114 for Linux and as versions 126.0.6478.114/115 for Windows and macOS.
Let me know if you need any other information.