- Google has delivered Google Chrome 104 to the stable channel for Windows, macOS, and Linux with significant security patches.
- 7 issues were classified as high severity and Google paid researchers who found them, approximately 43.000$ as bounty rewards.
- Google Chrome 104 is out. However, it might take some time to automatically update on different operating systems.
Google has announced the release of Google Chrome 104 to the stable channel for Windows, Mac, and Linux users. The release contains several fixes and improvements. The tech giant has also disclosed the related bounty rewards in its announcement.
Google paid thousand of USD for bounty rewards
Google highlights that these fixes are contributed by third parties. None of the security issues are known to be exploited in the wild, but that does not decrease their importance. It is still highly recommended to update Chrome immediately to protect the browser against attacks that target the vulnerabilities.
Google awarded the researchers who discovered 7 issues with high classification with the amount of a total of $43,000. The company also recognized 15 medium issues and awarded the researchers who found them with a total of $49,000 as bounty rewards. Below are the issues that are classified as high vulnerability;
- CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16. A $15000 award has been issued as a bounty reward.
- CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang and Guang Gong of 360 Alpha Lab on 2022-06-10. A $10000 award has been issued as a bounty reward.
- CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22. A $7000 Award has been issued as a bounty reward.
- CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang and Guang Gong of 360 Alpha Lab on 2022-05-31. A $5000 award has been issued as a bounty reward.
- CVE-2022-2607: Use after free in Tab Strip. Reported by ginggilBesel on 2022-01-11. A $3000 award has been issued as a bounty reward.
- CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01. A $3000 award has been issued as a bounty reward.
- CVE-2022-2609: Use after free in Nearby Share. Reported by koocola and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22. The bounty award is not known yet.
Chrome 104 delivers a few new features. Among them are specifying a crop area with region capture, easier media queries with level 4 syntax and evaluation, and shared element transitions starting a new origin trial. A list of changes is available in the changelog. Google has added that this rollout could take days or weeks before everyone sees their browser automatically updated.