Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

Miravi

Miravi

Level 9
Thread author
Verified
Well-known
Aug 31, 2024
418
2,986
768
USA
Content source
https://www.securityweek.com/google-pays-100000-in-rewards-for-two-chrome-vulnerabilities/
Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-, eight medium-, and five low-severity flaws.

Four of the high-severity bugs addressed in this Chrome release affect the browser’s V8 JavaScript and WebAssembly engine. Google paid $100,000 in bug bounty rewards for two of them.

Tracked as CVE-2025-12428, the first is a type confusion issue in V8 that earned Man Yue Mo of GitHub Security Lab $50,000. A similar reward was handed out to Aorui Zhang, who reported CVE-2025-12429, an inappropriate implementation defect in the JavaScript engine.

As usual, the internet giant has not shared technical details on the newly resolved vulnerabilities. However, based on the reward amounts handed out for these two bugs, it is possible that they could be exploited for remote code execution (RCE).

Google says it paid a $10,000 reward for a high-severity object lifecycle issue in Media, and $4,000 for a high-severity inappropriate implementation flaw in Extensions.

However, no rewards were handed out for three high-severity V8 defects that were discovered by Google’s Big Sleep AI agent, which was launched by Google DeepMind and Project Zero in November 2024.
Click to expand...
www.securityweek.com

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-severity flaws.
www.securityweek.com www.securityweek.com
 
  • Like
  • +Reputation
Reactions: Brownie2019, Khushal, Zero Knowledge and 4 others
Parkinsond said:
Asking G to sell chrome for monopoly issues is not the best idea; no competitor can pay for developing chromium as much as G.
Click to expand...
Why? Maintaining a web browser doesn't cost a lot of money, especially open source projects that also have volunteers. Google is far the only one offering bug bounty, millions of companies do the same.
 
  • Like
Reactions: Divine_Barakah and Parkinsond
Marko :) said:
Why? Maintaining a web browser doesn't cost a lot of money, especially open source projects that also have volunteers. Google is far the only one offering bug bounty, millions of companies do the same.
Click to expand...
Maintaining a browser definitely cost money; G pay for it and the rest of chromium clones, including Edge, get benefit of.
FF, without G finanacial support, would suffer more than already suffering.
Time to time, a new chromium clone with some nice UI or features appear, then dies in peace because the developers could not maintain (Thorium and others).
 
Last edited:
  • +Reputation
Reactions: Divine_Barakah
Marko :) said:
Why? Maintaining a web browser doesn't cost a lot of money, especially open source projects that also have volunteers. Google is far the only one offering bug bounty, millions of companies do the same.
Click to expand...
Building and maintaining a full modern web browser is extraordinarily expensive.

Mozilla spends an estimated ~$100–150 million/year maintaining Firefox/Gecko, and that's after earning most of their revenue from a search deal with Google. Some years ago they gave up on a new Rust engine (Servo) because it was too expensive to finish and maintain in parallel with Gecko.

Microsoft was spending over $100 million/year developing an independent browser and couldn't keep up.
 
  • Like
  • +Reputation
  • Applause
Reactions: Zero Knowledge, Divine_Barakah and Parkinsond
Parkinsond said:
Maintaining a browser definitely cost money; G pay for it and the rest of chromium clones, including Edge, get benefit of.
FF, without G finanacial support, would suffer more than already suffering.
Time to time, a new chromium clone with some nice UI or features appear, then dies in peace because the developers could not maintain (Thorium and others).
Click to expand...
I never said it doesn't cost anything. Obviously costs money, but if the project is open source, then it costs less than it would if it was closed source. You will always have volunteers that will help you with the browser.

These clones don't die because they don't have money, they are developed entirely by volunteers in their free time. They die because it isn't viable to develop a web browser no one will use; imagine developing something for few months just to have three users. Like Thorium was so popular I heard for it for the first time few months ago.
Miravi said:
Building and maintaining a full modern web browser is extraordinarily expensive.

Mozilla spends an estimated ~$100–150 million/year maintaining Firefox/Gecko, and that's after earning most of their revenue from a search deal with Google. Some years ago they gave up on a new Rust engine (Servo) because it was too expensive to finish and maintain in parallel with Gecko.

Microsoft was spending over $100 million/year developing an independent browser and couldn't keep up.
Click to expand...
This is nothing. Literally nothing compared to how many these companies earn.

Mozilla is different story. They are incompetent and this came to light during Google anti-trust case.

Regarding Microsoft, original Edge failed because Microsoft simply doesn't know how to create a browser and we already saw this with Internet Explorer. It's weird that a one of the richest companies in the world cannot make their own web browser. But I promise you, the issue with Microsoft in general isn't money. They simply don't have a clear vision of how any project should look like which is why their new products always fail.

Remember how many new features they implemented in Windows 10, just to have them deprecated in the next version because people didn't use them. Anything new Microsoft develops is destined to fail. Remember the Surface Duo? Yeah. This is what I'm talking about. Microsoft can only be happy because people got hooked to Windows and Office when PCs started to become popular. If they are developed today, they would struggle to get any users like Windows Phone or Surface lineup.
 
  • Hundred Points
Reactions: Parkinsond
That's a lot of mula for bugs, remember 25 years ago people would of just gone full discourse or sold them on some dodgy forum for $2K.
 
Zero Knowledge said:
That's a lot of mula for bugs, remember 25 years ago people would of just gone full discourse or sold them on some dodgy forum for $2K.
Click to expand...
200.gif
 
You must log in or register to reply here.

You may also like...