AI Agent Finds 21 FFmpeg Zero-Days; Chrome Fixes 429 Bugs

An AI agent has discovered 21 previously unknown vulnerabilities in FFmpeg, a critical media library. This comes as Google's Chrome 149 release patched a record 429 security bugs. The AI-found bugs in FFmpeg, some latent for up to 23 years, are mostly heap or stack overflows. The security startup depthfirst found these issues for an estimated cost of around $1,000. Many have already received CVE identifiers. Meanwhile, Chrome's new update includes fixes for over 100 critical or high-severity vulnerabilities. The worst of these, a critical out-of-bounds read and write bug, allowed code execution outside the sandbox. Google paid $97,000 for this specific flaw. This surge in bug reports, partly driven by AI-generated submissions, highlights how artificial intelligence is rapidly increasing the number of vulnerabilities discovered. This means developers must now deal with more security flaws faster than ever before.