Saturday, September 6, 2014

50 security fixes for Google Chrome

Google Chrome latest version 37.0.2062.94 got 50 security fixes last Tuesday. Security researcher 'lokihardt@asrt' received a huge amount of $30,000 for finding out flaws in Chrome JavaScript engine V8, the Inter-process Communication (IPC), the data synchronization component and extensions. Most of the vulnerabilities allow remote code execution. Besides this other researchers found use-after-free vulnerabilities in DOM, SVG and bindings, spoofing of the extension permission dialog, uninitialized memory read in WebGL and Web Audio. Researchers who worked with the Chrome development also discovered flaws based on internal audits, fuzzing and other types of activities through Address Sanitizer tool. <more>

No comments: