Last week Google engineers released an updated version of the Chrome 85 browser, fixing a critical vulnerability that allowed an escape from the sandbox.
The problem received the identifier CVE-2020-6573 and was discovered in August of this year by two experts from the Chinese company Qihoo 360. The researchers told the publication SecurityWeek that they managed to exploit the bug only in Chrome on Android, but the bug posed a danger to all versions of the browser, and a fix was released for all platforms, including Windows, Mac and Linux.
The researchers stressed that they are not aware of real-world attacks that would exploit this problem.
Google paid the experts $20,000 for this vulnerability, which is far from the limit for such bugs. Last year, for example, information security specialists from Semmle received $40,000 for other vulnerabilities that also involved escaping from the sandbox (CVE-2019-13688 and CVE-2019-13687).