threatpost | Dennis Fisher | THREATPOST:768A433C1DF8D5AAD5BEEFEDAE6E7E8A
Jun 22, 2015 - 12:05 p.m.

Google Fixes Handful of Bugs in Chrome


EPSS: 0.006 (Low), percentile 76.5%

Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error.

The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on four of them. One of the vulnerabilities, the scheme-validation error, earned the researcher who reported it to Google a $5,000 bug bounty.

The published list of patched vulnerabilities in Chrome includes:

[$5000][464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.

[TBD][494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.

[TBD][497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.

[TBD][461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

Google maintains a release schedule for Chrome that enables the company to patch vulnerabilities as needed. Some other companies, most notably Microsoft, patch their browsers on a regular basis, often releasing new versions that include a dozen or more patches. Google may release two or three new versions in a given month, or none at all, depending upon what’s needed.

Users can upgrade to the latest version of Chrome by going to the About Google Chrome option in the Settings menu.
