Google Chrome latest version 37.0.2062.94 got 50 security fixes last Tuesday. Security researcher 'lokihardt@asrt' received a huge amount of $30,000 for finding out flaws
in Chrome JavaScript engine V8, the Inter-process Communication (IPC),
the data synchronization component and extensions. Most of the vulnerabilities
allow remote code execution. Besides this other researchers found
use-after-free vulnerabilities in DOM, SVG and bindings, spoofing of the
extension permission dialog, uninitialized memory read in WebGL and Web
Audio. Researchers who worked with the Chrome development also
discovered flaws based on internal audits, fuzzing and other types of
activities through Address Sanitizer tool. <more>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment