Chrome, the Google product in highest demand among attackers as an exploitation target, has received its regular update.
Six security holes were fixed in Chrome 109, including four reported to Google by external researchers, who received $25,000 for them.
Two of them are high-severity use-after-free bugs affecting the WebTransport and WebRTC components; their discovery is credited to researchers Cheech Kim and Cassidy Kim, who earned a total of $19,000.
The vulnerabilities were assigned CVE-2023-0471 and CVE-2023-0472, respectively.
Bugs of this type in Chrome can be used for remote code execution and sandbox escape, but in many cases they have to be chained with other bugs.
The released Chrome patch also resolves the medium-severity CVE-2023-0473, a type confusion in the ServiceWorker API, which was reported by Kunlun Lab.
Another use-after-free (CVE-2023-0474), of a similar severity level, affects GuestView.
The full list of changes in the released build can be viewed in the log.
None of these vulnerabilities, according to Google's sworn assurances, were exploited in the wild.
But despite its transparency policy, the company itself has repeatedly admitted that this "does not mean that exploitation did not occur."
Last year, the tech giant admitted that attackers are exploiting more and more vulnerabilities in Chrome, and that this has become a trend in its own right.
However, the statistics do not quite bear that out: the number of Chrome zero-day vulnerabilities reached 14 in 2021, compared with 8 in 2020 and 2 in 2019, and in 2022 it fell to 8.
But that is no longer a technical matter; it is a question of best business practices in reputation management.