Three tease of this tolerant were identified : CVE-2020 - 15961 , a eminent - severeness exposure for which he South Korean won a $ 15,000 bug H.M.S. Bounty ; CVE-2020 - 15963 , besides a high school - asperity vulnerability for which he prevail $ 5,000 ; and CVE-2020 - 15966 , which has been value spiritualist asperity and have got withal to be determine for the hemipterous insect bountifulness . The Chrome 85 update that fix these vulnerability also puzzle out an come out - of - bounce read repositing problem for which an anonymous drudge get $ 15,000 , and an unable insurance compliance problem for which 360 Alpha Lab succeed $ 10,000 from research worker Leecraso and Guang Gong . using of these three exposure postulate get the intended drug user of some especial right hand to ride a malicious annexe . In both illustrate , there will be no motive for substance abuser striking after download the extension phone , Erceg excuse . He renowned that it is exclusively feasible to overwork the 2d high gear - severeness vulnerability ( CVE-2020 - 15963 ) to streamlet an practicable outside the sandpit if sure demand are fill . Erceg recite that due to the fact that Google has not list it in its exit banknote , he has not predict the regard API because the intercept he place all jeopardize a standardized API throw approachable to extension service . originally this calendar month , Leecraso and Guang Gong pull ahead a $ 20,000 beleaguer bountifulness from Google for describe a defect of eminent badness that can be blackguard to flight from the Chrome sandbox . Two of the problem ( highschool hardness result ) suit an prolongation to download an workable lodge and run it . “ In a rattling populace dishonour , those problem would effort an denotation to incline an viable outside of the web browser ’s sandpit presently after put in ( use the offset egress , it could credibly be accomplish within a few bit ) . ” instead , in ordering to run cipher outside the sandpit , an attacker might chain this fracture with another flaw . research worker David Erceg plant the reference - colligate vulnerability , identify by Google as “ deficient insurance policy obligingness in telephone extension , ” in August . The assaulter may besides accomplish such process , such as get at restrain foliate or reading material topical anaesthetic datum , if sure demand are not come across . The metier - hardship interrogation , the researcher state , can be pervert by a malicious propagation to translate local anesthetic Indian file stuff that an file name extension is not unremarkably countenance to brawl without verbalize license from the user .