Google has made changes to its Chrome 149 release announcement, revealing that it has fixed 429 vulnerabilities. Of these, 22 are considered critical and 87 are classified as dangerous. Critical vulnerabilities can potentially bypass all layers of browser protection and allow for the execution of code on the system outside the sandbox environment. While specific details have not been disclosed, it is mentioned that most critical issues stem from buffer overflow or access to already freed memory in various components such as ANGLE, Ozone, Chromecast, Chromoting, GFX, and GPU interaction processes. The highest reward for a reported vulnerability was $97,000.
Furthermore, a report on vulnerabilities in Android for June has been published, detailing a total of 124 vulnerabilities. Among these, 18 are considered critical. Of the critical vulnerabilities, 2 are found in frameworks that allow for remote attacks to execute code on the system without user interaction, while 13 critical vulnerabilities exist in system components enabling privilege escalation. Additionally, 3 critical issues have been identified in Qualcomm proprietary components.