Google stated on Tuesday that Chrome 119 has been pushed to the stable channel, fixing 15 vulnerabilities, 13 of which were found by outside researchers. Three issues that were reported externally have been assigned a severity level of “high.” They are identified as integer overrun in USB (CVE-2023-5849), improper data validation in USB (CVE-2023-5482), and unsuitable implementation in Payments (CVE-2023-5480).
In its advisory, Google states that it has already paid out $16,000 for the first bug and $11,000 for the second, and that it is still deciding how much money should be given for the third. Eight of the ten security flaws that were still discovered by outside researchers are classified as having “medium severity,” and two are classified as having “low severity.”