GitHub Shares Details on Six Chrome Vulnerabilities
GitHub has released new information on six vulnerabilities that were uncovered by one of its security researchers. The vulnerabilities are in the WebAudio component of Chrome. The vulnerabilities were reported to Google by GitHub Security Lab in February and March. The security researcher identified several Chrome sandbox escape vulnerabilities, and Google has since paid out tens of thousands of dollars for them.
The security issues were all classified as high severity, and have since been patched by Google in Chrome 80. The vulnerabilities affect the WebAudio component in Chrome which is used for implementing Web Audio API. This specific API controls audio on the web, allowing developers to choose audio sources and add effects.