Chrome 128 Update Resolves High-Severity Vulnerabilities

September 11, 2024 at 05:15AM Google announced a new Chrome 128 update addressing five vulnerabilities, with four high-severity flaws reported by external researchers. The flaws include a heap buffer overflow in Skia, a use-after-free in Media Router, a type confusion in the V8 JavaScript engine, and a use-after-free in Autofill. Google rewarded bug bounties for the first two security defects …

Chrome 128 Updates Patch High-Severity Vulnerabilities

September 3, 2024 at 04:51AM Two Chrome browser updates, 128.0.6613.113/.114 and 128.0.6613.119/.120, addressed eight vulnerabilities last week. Four high-severity memory safety flaws, including issues in the V8 JavaScript engine, were resolved. The security patches also covered a heap buffer overflow in Skia. Google urges prompt updates, but no evidence of exploitation in the wild has …

Docker-OSX image used for security research hit by Apple DMCA takedown

September 1, 2024 at 09:08AM The popular open-source project Docker-OSX, allowing virtualization of macOS on non-Apple hardware, has been removed from Docker Hub due to a DMCA takedown request from Apple, citing copyright violation. Although still available on GitHub without installer binaries, the case highlights legal challenges for open-source projects dealing with proprietary software and …

Rock Chrome hard enough and get paid half a million

August 29, 2024 at 12:35PM Google’s Chrome Vulnerability Rewards Program has increased rewards, specifically addressing memory safety with up to $250,000 for demonstrated remote code execution. Other classes of vulnerabilities have rewards up to $30,000 and special rewards of $100,115 and $250,128 for bypassing security measures. A new bug could potentially earn $500,128. Based on …

Google increases Chrome bug bounty rewards up to $250,000

August 28, 2024 at 01:28PM Google has increased payouts for Google Chrome security flaws through its Vulnerability Reward Program, with the maximum reward for a single bug now over $250,000, more than doubling the previous amount. Based on the meeting notes, it seems that Google has increased its payouts for security flaws reported through its …

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

August 27, 2024 at 02:27AM Google has disclosed an actively exploited security flaw in its Chrome browser, tracked as CVE-2024-7965, related to an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. The security researcher TheDog discovered the flaw and was awarded an $11,000 bug bounty. Users are advised to upgrade to Chrome version …

Google Patches Sixth Exploited Chrome Zero-Day of 2024

August 22, 2024 at 06:21AM Google has released Chrome 128, addressing 38 vulnerabilities, including 20 reported by external researchers. Seven high-severity flaws were identified, with one exploited in the wild as a zero-day (CVE-2024-7971). The update also resolves other high, medium, and low-severity bugs and includes bug bounty rewards totaling $95,000. Users are urged to …

Google Play Bug Bounty Program Shutting Down

August 21, 2024 at 11:00AM Google is discontinuing its Google Play Security Reward Program (GPSRP) after achieving its goal of increasing Android OS security. Bug submissions will be accepted until August 31, 2024, with final rewards decided by September 30. The program has incentivized developers to improve their app security, paying out a total of …

GitHub Makes Copilot Autofix Generally Available

August 15, 2024 at 05:09AM GitHub has launched Copilot Autofix, an AI-powered vulnerability remediation feature. It offers fix suggestions for various security defects, helping developers to address bugs in their code faster. During the public beta, it was found that developers were fixing vulnerabilities more than three times faster than when fixing them manually. It will be available …

Anthropic: Expanding Our Model Safety Bug Bounty Program

August 9, 2024 at 02:04PM To enhance AI model safety, we’re expanding our bug bounty program to focus on identifying and mitigating universal jailbreak attacks that could bypass AI safety measures. The $15,000 reward program, in partnership with HackerOne, invites experienced AI security researchers to apply for an early access test phase before public deployment. …