The first Chrome security update of 2024 was released by Google on Wednesday. It fixes six vulnerabilities, four of which were discovered by outside researchers. Google states in its alert that just three of the four externally reported security problems were awarded bug bounty incentives, despite the fact that all four are high-severity memory safety issues.
The first two issues are heap buffer overflow and use-after-free vulnerabilities in the graphics rendering engine ANGLE, which are listed as CVE-2024-0223 and CVE-2024-0222.x000D Researchers from Qrious Secure reported both problems, and they were each awarded a $15,000 bug bounty.