Google released versions 114.0.5735.90/91 of the Chrome browser for Linux, Mac and Windows yesterday. The update includes fixes for 16 security issues, half of which were rated High.
If you use the Chrome browser, check for updates when you get a chance, and be sure to close and reopen the browser to ensure the updates are fully applied.
Google paid out just over $65k in bug bounties to 11 security researchers for responsibly reporting these issues so they could be addressed.
Google paid out a record $12 million in bug bounties in 2022, up from $8.7 million the prior year. The highest reward in 2022 was $605k for the discovery of a five-bug chain in the Android operating system. Google has one of the largest bug bounty programs in the tech industry, and it has been running continuously since 2010.
Why bug bounty programs are valuable:
Bug bounties provide an opportunity for security researchers to identify and report vulnerabilities in a controlled environment, which can then be fixed before they are exploited by malicious actors.
They incentivize security researchers to disclose vulnerabilities responsibly rather than selling them on the black market or using them for malicious purposes.
They can help organizations improve their overall security posture and reduce the risk of a successful attack by increasing the number of security researchers available.
High CVEs: CVE-2023-2929, CVE-2023-2930, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936
CVE (Common Vulnerabilities and Exposures) - a publicly disclosed cybersecurity vulnerability or exposure that has been assigned a unique identifier for tracking and reference purposes. It allows security researchers, vendors, and users to easily identify and discuss specific vulnerabilities in a consistent manner.