Are you using Google Chrome? Perhaps you know that Google just released Chrome 74 to the Stable Desktop channel, and Windows, Mac, and Linux users can now download the most recent version of the browser. Note that Chrome 74 introduces new features and fixes security issues.
What’s New in Chrome 74?
Dark Mode is one of the new things that users will enjoy. It should be mentioned that this mode is connected to the Colors settings in Windows 10. Selecting the Dark Mode will have Chrome’s typically white background set to dark grey. The tabs however will be changed to dark blue.
However, being a cybersecurity website, we’re more interested in the security fixes. As mentioned, Chrome 74.0.3729.108 contains a number of fixes and improvements, including some high severity flaws. The vulnerabilities have been mostly reported by external researchers who received monetary compensation for their findings.
Here’s a list of the vulnerabilities and the rewards earned for each one of them:
[$3000] High CVE-2019-5805: Use after free in PDFium. Reported by Anonymous on 2018-12-10
[$3000] High CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu of SSLab, Georgia Tech on 2019-03-18
[$3000] High CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud of Leviathan Security Group. on 2019-03-26
[$3000] High CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer on 2019-03-28
[$N/A] High CVE-2019-5809: Use after free in Blink. Reported by Mark Brand of Google Project Zero on 2019-03-12
[$2000+$1,337] Medium CVE-2019-5810: User information disclosure in Autofill. Reported by Mark Amery on 2018-12-20
[$2000] Medium CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04
[$2000] Medium CVE-2019-5812: URL spoof in Omnibox on iOS. Reported by Khalil Zhani on 2019-01-26
[$2000] Medium CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic of Cisco Talos on 2019-03-15
[$1000] Medium CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138 on 2019-02-08
[$1000] Medium CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas Grégoire, Agarri on 2019-02-11
[$1000] Medium CVE-2019-5816: Exploit persistence extension on Android. Reported by Yongke Wang of Tencent’s Xuanwu Lab (xlab.tencent.com) on 2019-03-10
[$1000] Medium CVE-2019-5817: Heap buffer overflow in Angle on Windows. Reported by Wen Xu of SSLab, Georgia Tech on 2019-03-19
[$500] Medium CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian Tolbaru on 2019-02-08
[$N/A] Medium CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat Mitin on 2019-01-06
[$N/A] Medium CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07
[$N/A] Medium CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk on 2019-01-07
[$500] Low CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-01-29
[$500] Low CVE-2019-5823: Forced navigation from service worker. Reported by David Erceg on 2019-02-08