Google Patches 8 Vulnerabilities in Chrome 77

Google this week announced an update for Chrome 77 that addresses 8 security vulnerabilities in the application, including 5 reported by external researchers.

The new browser update arrives only a couple of weeks after Google patched four security flaws with the release of Chrome 77.0.3865.90, including two vulnerabilities that, combined with another type of weakness, could result in a sandbox escape.

Previously, Google released Chrome 77 to the stable channel with patches for a total of 52 vulnerabilities.

The five externally reported bugs addressed this week are rated High severity and brought the reporting researchers a total of $45,000 in bug bounty rewards.

The most important of them is a use-after-free in IndexedDB, reported by Guang Gong of Alpha Team at Qihoo 360. Tracked as CVE-2019-13693, the vulnerability was awarded a $20,500 bounty.

Google also addressed a use-after-free in WebRTC, tracked as CVE-2019-13694 and reported by banananapenguin. The Internet giant has yet to provide information on the bounty amount paid for this issue.

The third vulnerability addressed this week is CVE-2019-13695, a use-after-free in an audio component. It was reported by Man Yue Mo of Semmle Security Research Team and was awarded a $15,000 bug bounty reward.

Another use-after-free issue was addressed in V8. Tracked as CVE-2019-13696, the security flaw brought Guang Gong of Qihoo 360 a $7,500 bug bounty.

The last of the externally reported flaws addressed in the new Chrome version is a cross-origin size leak tracked as CVE-2019-13697 and reported by Luan Herrera. Google paid a $2,000 bug bounty reward for this finding.

The new browser iteration is currently available for download for Windows, Mac, and Linux as Chrome 77.0.3865.120.

Overall, Google has paid over $110,000 in bug bounties to the external security researchers who reported vulnerabilities patched in Chrome 77.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
