Why does Google pay Apple for hacking its Chrome security?
Google recently paid Apple's SEAR team a bug bounty of $15,000 for discovery and disclosure of a bug
Surprising as it may sound, Google pays Apple for effectively hacking the security of its web browser "Chrome".
As a result, a high-severity security vulnerability in the Google Chrome web browser was found by Apple's Security Engineering and Architecture team, Google has confirmed.
Furthermore, Google paid the SEAR team a bug bounty of $15,000 for the discovery and disclosure, Forbes reported.
What Is Apple SEAR?
According to the Cupertino-based technology behemoth "SEAR provides operating system security foundations across all of Apple's innovative products, including Mac, iPhone, iPad, Apple Watch, and Apple TV".
While the SEAR researchers are — understandably — best known for uncovering vulnerabilities within iOS and related systems, they make responsible disclosures if they come across something that relates to a third-party product as part of this ongoing security process.
The news of this particular disclosure came in an August 2 Chrome update announcement confirming 11 security fixes as a result of external contributor vulnerability reports, according to Forbes.
Google pays $15,000 for finding bug
The bug — CVE-2023-4072 — is an "out of bounds read and write" vulnerability within Chrome's WebGL implementation.
"WebGL is the JavaScript application programming interface that enables the rendering of interactive graphics within the browser and without any plug-ins being required," Forbes wrote.
The out-of-bounds bug allows a programme to read — in this case write — data from outside the bounds of an allocated memory area.
Keeping the technical details restricted until such time that a majority of Chrome users have activated the update, Google hasn't shared much about this vulnerability.
However, according to Vulnerability Database, a threat intelligence platform: "it is known to affect confidentiality, integrity, and availability."
Moreover, successful exploitation of the bug requires user interaction and no known exploits are available at this time, according to Vulnerability Database.
-
Stunning new photos of the Milky Way shed light on how stars are formed -
Antarctica’s mysterious ‘gravity hole’: What’s behind the evolution of Earth’s deep interior? -
‘Mars’ missing water mystery takes a surprising turn as new study finds regional dust storms trigger massive water loss into space -
Scientists reveal how sleeping can unlock your creative potential -
NASA Artemis 2 moon mission faces unexpected delay ahead of March launch -
Total Lunar eclipse: What you need to know and where to watch -
Sun appears spotless for first time in four years, scientists report -
SpaceX launches another batch of satellites from Cape Canaveral during late-night mission on Saturday