Monday, September 7, 2015

Google Chrome 45 addresses 29 flaws

Google has released Chrome 45 to address 29 security flaws affecting Windows, Mac, and Linux platforms. According to Google advisory, Six issues are rated as CRITICAL allowing remote code execution. These high-severity issues addressed cross-origin bypass flaws in DOM, covered in CVE-2015-1291 and CVE-2015-1293, where as a cross-origin bypass issue occurs in Service Worker that is covered in CVE-2015-1292. Besides this, multiple use-after-free flaws in Skia (CVE-2015-1294) and Printing (CVE-2015-1295), and a character spoofing bug in the Omnibox address bar (CVE-2015-1296). The latest version also patched medium severity vulnerabilities in WebRequests, extensions and in the Blink web browser engine. Google credits security researchers Mariusz Mlynski, Rob Wu, Alexander Kashev, and experts using the online monikers taro.suzuki.dev, cgvwzq, cloudfuzzer, and zcorpan for finding vulnerabilities in the browser. So far, company has given rewards of $40,500 through bug bounty program. Morever, Google has decided to stop running Flash Ads due to various flaws found in Adobe Flash from time to time. Google is automatically converting most of the Flash ads uploaded to AdWords to HTML5, otherwise it can be done manually using a tool provided by the company. <more>

No comments: