Many users are surprised to learn that Google pays Apple for discovering and reporting security vulnerabilities in its web browser, Chrome. Recently, Apple’s Security Engineering and Architecture (SEAR) team found a high-severity security flaw in Chrome, which Google confirmed. As a reward, Google paid the SEAR team a bug bounty of $15,000.
The SEAR team at Apple is responsible for providing the security foundations for all of Apple’s products, including Mac, iPhone, iPad, Apple Watch, and Apple TV. While the team primarily focuses on Apple’s own systems, it also makes responsible disclosures when it finds vulnerabilities in third-party products.
The specific vulnerability found in Chrome is related to its WebGL implementation; WebGL allows interactive graphics to be rendered in the browser without plug-ins. The bug is an “out of bounds read and write” vulnerability, meaning that memory outside the intended buffer can be read and written, which potentially affects the confidentiality, integrity, and availability of data.
Fortunately, no known exploits are currently available, and Google has fixed the issue through an update.