"Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera."
That's pretty bad! I wonder what kind of bounty went to the researcher.
Presumably this affects all Electron apps which embed Chrome too? Don’t they pin the Chrome version?
Yeah, but let's keep downplaying use-after-free as something not worth eliminating in 21st-century systems languages.
> That's pretty bad! I wonder what kind of bounty went to the researcher.
I'd be surprised if it's above 20K$.
Bug bounty rewards are usually criminally low; doubly so when you consider the efforts usually involved in not only finding serious vulns, but demonstrating a reliable way to exploit them.