Google pushed out on Wednesday a new version of its Chrome browser (40.0.2214.91) and along with it paid out more than two dozen bounties, including 16 for memory corruption vulnerabilities.
In all, 62 security vulnerabilities were patched, 17 of those considered high severity bugs by Google.
Most of those high-severity vulnerabilities were memory corruption or use-after-free vulnerabilities in a number of Chrome components, including ICU, V8, FFmpeg and DOM.
A researcher credited as cloudfuzzer cashed in with $12,000 worth of bounties, including three critical bugs. Another reporter known as yangdingning was awarded $9,000 for his finds.
Here is the list of public vulnerabilities patched in Chrome 40.
[$5000][430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
[$4500][435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
[$4000][434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
[$4000][422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
[$3500][444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
[$3500][435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
[$3000][442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
[$3000][442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
[$2000][443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
[$2000][427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
[$2000][427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
[$2000][402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
[$1500][428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
[$1500][419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
[$1000][416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
[$1000][399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
[$1000][433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
[$1000][428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
[$1000][426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
[$1000][422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
[$1000][418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$1000][414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
[$500][430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
[$500][414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.
Google said it awarded an additional $35,000 in bounties to Atte Kettunen of OUSPG, Christian Holler, cloudfuzzer and Khalil Zhani for work done during the development cycle to keep vulnerabilities out of the stable release.
This is the first Chrome release of the year; in November, Chrome 39 was released and included removal of support for the fallback to SSL 3.0, the target of the POODLE attack.
googlechromereleases.blogspot.ro/2015/01/stable-update.html
threatpost.com/bypass-demonstrated-for-microsoft-use-after-free-mitigation-in-ie/110570
threatpost.com/google-removes-sslv3-fallback-support-from-chrome/109455
code.google.com/p/chromium/issues/detail?id=399951
code.google.com/p/chromium/issues/detail?id=402957
code.google.com/p/chromium/issues/detail?id=414026
code.google.com/p/chromium/issues/detail?id=414109
code.google.com/p/chromium/issues/detail?id=414310
code.google.com/p/chromium/issues/detail?id=416323
code.google.com/p/chromium/issues/detail?id=418881
code.google.com/p/chromium/issues/detail?id=419060
code.google.com/p/chromium/issues/detail?id=422492
code.google.com/p/chromium/issues/detail?id=422824
code.google.com/p/chromium/issues/detail?id=426762
code.google.com/p/chromium/issues/detail?id=427249
code.google.com/p/chromium/issues/detail?id=427266
code.google.com/p/chromium/issues/detail?id=428557
code.google.com/p/chromium/issues/detail?id=428561
code.google.com/p/chromium/issues/detail?id=429666
code.google.com/p/chromium/issues/detail?id=430353
code.google.com/p/chromium/issues/detail?id=430566
code.google.com/p/chromium/issues/detail?id=433866
code.google.com/p/chromium/issues/detail?id=434136
code.google.com/p/chromium/issues/detail?id=435073
code.google.com/p/chromium/issues/detail?id=435880
code.google.com/p/chromium/issues/detail?id=442710
code.google.com/p/chromium/issues/detail?id=442806
code.google.com/p/chromium/issues/detail?id=443115
code.google.com/p/chromium/issues/detail?id=444695