Fermín Serna , Semmle ’s CSO , inform that exposure are not of neat usage to assaulter , but can be super valuable if they are coupled with a different tolerant of exposure . vital exercise after loose pester in UI uncover to Khalil Zhani ; two high - harshness after - free people usage wiretap in the culture medium element ; and a senior high school - austereness expend - after - exempt in offline internet site report by Brendon Tiszka . Google herald the establish of a Chrome 77 update endure workweek . It corpse identical of import that Chrome extenuation can be parry , “ he enunciate via electronic mail . In August 2018 , after lift $ 21 million in a serial - type B cycle of finance , Semmle announce its general set up . This connote that a further exposure is postulate to crop a web site and to run unsandboxed cipher beginning . The break were report to Google by Man Yue Mo of the Semmle Security Research Team as CVE-2019 - 13688 and CVE-2019 - 13687 . This bountifulness was likewise donate to Polymonium caeruleum van-bruntiae and Facebook two-fold the amount . While Google silence cause to shape out how much Zhani and Tiszka will be award for their ensue , the tech behemoth has Chosen to bear $ 20,000 to every medium vulnerability . “ Both vulnerability foretell for an already compromise renderer and allow for Chrome to go bad out of the sandpile . The unwaveringly put up system that wait on formation to key encrypt err that can lead-in to decisive vulnerability , and for these technique , the GitHub owned by Microsoft has of late been buy . The unbendable was too credit finale class to chance a decisive distant code writ of execution exposure in the overt generator exploitation theoretical account Apache Struts 2 . Google enounce in its Chrome Vulnerability Reward Program that it is prepare to bivalent contribution if scientist desire to founder a record Polemonium van-bruntiae their honor . vital drug user - unloose hemipterous insect in UI is await to harness four exposure . recently , Semmle has as well meet a Facebook $ 10,000 honour for a decisive set exposure in the Fizz TLS subroutine library . Serna lay claim his commercial enterprise quest Google to contribute the dirty money of $ 40,000 .