Google informed Chrome users on Tuesday that an update for version 89 contains eight security fixes, including patches for six vulnerabilities reported by external researchers.
The highest reward, $20,000, was awarded to researchers Leecraso and Guang Gong of the 360 Alpha Lab at Qihoo 360. The issue was described by Google as a use-after-free in screen capture.
Leecraso told SecurityWeek that the vulnerability, tracked as CVE-2021-21194, can be exploited to escape the Chrome sandbox. If exploited in combination with a renderer bug, it can allow an attacker to remotely execute arbitrary code outside the Chrome sandbox on the targeted user’s device.