Friday, January 30, 2015

62 vulns fixed in Google Chrome 40

Google rolled out latest version of Chrome 40, addresses 62 security flaws. Chrome 40 is available on Windows, Mac and Linux platforms. According to advisory, most of the vulnerabilities are rated HIGH - SSL 3.0 has also been completely disabled to avoid any security issues arising from Heartbleed and POODLE attacks, so that users can enjoy risk-free surfing over the web. Google bug bounty program is quite popular in the security arena, as thousands of dollars are rewarded to security researchers. A researcher identified as 'yangdingning' got $9,000 for reporting two memory corruption vulnerabilities in ICU. Another researcher Collin Payne revealed use-after-free flaw in the IndexedDB is rewarded $4,500. Besides this, use-after-free issues in WebAudio, DOM, FFmpeg, Speech, Views are patched in the latest version. Chrome 40 also patched several memory corruption flaws in V8, Fonts. <more>

No comments: