In fact, all three of Chrome’s 2023 Zero Day exploits were found by Google's Threat Analysis Group. Chrome is based on Chromium, as are many rival browsers, and the same vulnerabilities affect all these variants as well, but only Google is consistently declaring them.
As the creator of Chromium, Google is also the first to issue patches, and many of the vulnerabilities are discovered in-house. In 2022, Google paid over $12M in bug bounties, including a record bounty of $605,000 for one critical exploit.
Consequently, while casual observers may think Google’s continual reporting of vulnerabilities means Chrome is more insecure, the opposite is true.
As I have written before, Google’s robust reporting system and payment of high bounties for vulnerabilities encourage security researchers to sell their discoveries to Google rather than to hackers.