(CTN News) – Most users are surprised to learn that Google pays Apple to effectively hack the security of its web browser “Chrome” in order to improve its performance and security.
A high-severity security vulnerability was recently found in the Google Chrome web browser, which has been confirmed by Google, thanks to Apple’s Security Engineering and Architecture team.
In response to this discovery, Google paid a bug bounty of $15,000 to the SEAR team as compensation for their discovery and disclosure of the vulnerability.
Is Apple SEAR a new technology?
Apple’s Cupertino-based technology giant says that the SEAR operating system security platform is the foundation behind all of Apple’s innovative products, including Mac, iPhone, iPad, Apple Watch, and Apple TV.
Despite the fact that SEAR researchers are – understandably – best known for finding vulnerabilities in iOS and related systems, they also make responsible disclosures when they come across something that pertains to a third-party product as part of such ongoing security procedures.
The disclosure of this particular vulnerability came as part of the August 2 Chrome update announcement, which confirmed 11 security fixes based on external contributor reports of security vulnerabilities, according to Forbes.
A $15,000 reward is offered by Google for finding a bug
In the case of Chrome’s WebGL implementation, there is a vulnerability known as CVE-2023-4072 that enables “out of bounds reads and writes”.
This type of bug allows a program to read – and in this case write – data from outside the bounds of a memory area that has been allocated to it.
In the interest of keeping the technical details of this vulnerability under wraps until such time as a majority of Chrome users have activated the update, Google hasn’t shared much about this vulnerability so far.
According to Vulnerability Database, a threat intelligence platform, the vulnerability has the potential to affect confidentiality, integrity, and availability of information.
Moreover, a successful exploitation of the bug requires user interaction, and, according to Vulnerability Database, no exploits are currently available for this vulnerability at this time.