Why does Google pay Apple for hacking its Chrome security?
Google recently paid Apple's SEAR team a bug bounty of $15,000 for discovery and disclosure of a bug
Surprising as it may sound, Google pays Apple for effectively hacking the security of its web browser "Chrome".
As a result, a high-severity security vulnerability in the Google Chrome web browser was found by Apple's Security Engineering and Architecture team, Google has confirmed.
Furthermore, Google paid the SEAR team a bug bounty of $15,000 for the discovery and disclosure, Forbes reported.
What Is Apple SEAR?
According to the Cupertino-based technology behemoth "SEAR provides operating system security foundations across all of Apple's innovative products, including Mac, iPhone, iPad, Apple Watch, and Apple TV".
While the SEAR researchers are — understandably — best known for uncovering vulnerabilities within iOS and related systems, they make responsible disclosures if they come across something that relates to a third-party product as part of this ongoing security process.
The news of this particular disclosure came in an August 2 Chrome update announcement confirming 11 security fixes as a result of external contributor vulnerability reports, according to Forbes.
Google pays $15,000 for finding bug
The bug — CVE-2023-4072 — is an "out of bounds read and write" vulnerability within Chrome's WebGL implementation.
"WebGL is the JavaScript application programming interface that enables the rendering of interactive graphics within the browser and without any plug-ins being required," Forbes wrote.
The out-of-bounds bug allows a programme to read — in this case write — data from outside the bounds of an allocated memory area.
Keeping the technical details restricted until such time that a majority of Chrome users have activated the update, Google hasn't shared much about this vulnerability.
However, according to Vulnerability Database, a threat intelligence platform: "it is known to affect confidentiality, integrity, and availability."
Moreover, successful exploitation of the bug requires user interaction and no known exploits are available at this time, according to Vulnerability Database.
-
Asteroid 2024 YR4: Will a Moon collision send fireballs to Earth? -
China expands space capabilities with AlSat-3B remote sensing satellite launch -
Climate change paradox: Polar bears are getting fatter as Arctic ice disappears -
NASA’s Hubble sparks viral buzz with bird-shaped illusion in deep space -
Albatross mystery: Critically endangered bird spotted 4,800km from home -
Snow Moon 2026: When and how to see February Full Moon rise -
Six planets set to align in rare astronomical event: How & when to watch -
China accelerates space tourism, deep space goals amid tech race with US