A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues.
Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, DevTools, and WebRTC, for which Google handed out bounty rewards of $15,000, $4,000, and $3,000, respectively.
The internet giant’s advisory also mentions two type confusion flaws in V8 and CSS, awarded $10,000 and $7,000, respectively; a stack buffer overflow issue in Crash reporting, for which a $3,000 reward was paid; and two heap buffer overflow bugs in Metrics and UMA, for which rewards have yet to be determined.
