A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category.
Two of the more serious vulnerabilities fixed in Chrome 44 are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout engine in Chrome. The other one is in Chrome for Android. Universal XSS vulnerabilities allow attackers to exploit XSS bugs in browsers rather than on sites. Each of those vulnerabilities earned the researchers who reported them a $7,500 bug bounty from Google.
As part of that bounty program, Google paid out roughly $40,000 to external researchers who reported vulnerabilities to the company. Among the other vulnerabilities patched in this release are three heap buffer overflows in pdfium, the PDF rendering engine in Chrome. There also are a number of use-after-free bugs in various components patched in Chrome 44.
Here’s the list of vulnerabilities reported by external researchers:
[$3000][446032]High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
[$3000][459215]High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
[$TBD][461858]High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.
[$7500][462843]High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
[$TBD][472614]High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
[$5500][483981]High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
[$5000][486947]High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
[$1000][487155]**High **CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
[$TBD][487928]High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
[$TBD][492052]High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
[$2000][493243]High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
[$7500][504011]High CVE-2015-1286: UXSS in blink. Credit to anonymous.
[$1337][419383]Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
[$1000][444573]Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
[$500][451456]Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
[479743]Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
[$500][482380]Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
[$1337][498982]**Medium **CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
[$500][479162]Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to [email protected].
googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
code.google.com/p/chromium/issues/detail?id=419383
code.google.com/p/chromium/issues/detail?id=444573
code.google.com/p/chromium/issues/detail?id=446032
code.google.com/p/chromium/issues/detail?id=451456
code.google.com/p/chromium/issues/detail?id=459215
code.google.com/p/chromium/issues/detail?id=461858
code.google.com/p/chromium/issues/detail?id=462843
code.google.com/p/chromium/issues/detail?id=472614
code.google.com/p/chromium/issues/detail?id=479162
code.google.com/p/chromium/issues/detail?id=479743
code.google.com/p/chromium/issues/detail?id=482380
code.google.com/p/chromium/issues/detail?id=483981
code.google.com/p/chromium/issues/detail?id=486947
code.google.com/p/chromium/issues/detail?id=487155
code.google.com/p/chromium/issues/detail?id=487928
code.google.com/p/chromium/issues/detail?id=492052
code.google.com/p/chromium/issues/detail?id=493243
code.google.com/p/chromium/issues/detail?id=498982
code.google.com/p/chromium/issues/detail?id=504011
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/
code.google.com/u/117154691211413633534/