Home > Cyber News > Google Chrome More Secure After 159 Security Flaws Get Fixed
CYBER NEWS

Google Chrome More Secure After 159 Security Flaws Get Fixed

Google-Chrome-More-Secure-159 Security-Flaws-Fixed159 security issues have been discovered and fixed for the new, now more stable version of Google Chrome.

The combination of IPC (Inter-Process Communication) and V8 vulnerabilities is among the most striking of the bugs discovered on Google Chrome. It could lead to remote code execution outside the sandbox. The person who has discovered it, the researcher Jüri Aedla, has been offered $27,633 as a “thank you” for the good work.

The rewards within the bug bounty program initiated by Google have been recently increased to $15,000 for a sandbox escape bug that is adequately reported.

A significant layer of defense in Google Chrome is the ability to restrict processes running in an isolated environment. This way malware cannot gain persistency on the system, neither it can read arbitrary files on the computer. What’s more important, sandboxed processes, and any eventual bug they are affected by, cannot write to disk.

And the Reward Goes To…

113 out of all 159 bugs found, were minor. They were discovered with the help of MemorySanitizer – a tool that discovers uninitialized memory read in C and C++.

Collin Payne and Atte Kettunen of the Oulu University Secure Programming Group (OUSPG) received $23,000 for their efforts, working together with the Google team on the development cycle to stop further security flaws from reaching the stable version.

Here are other notable bugs which were discovered and fixed:

  • Use-after-free glitches in DOM, Rendering, Events and Web Workers
  • Out-of-bounds read errors in the PDF rendering engine of Chrome

The Google developers have managed to take care of permissions bypass flaw, discovered in Windows sandbox and a data leak in XSS Auditor.

Your Browser Will Switch to the New Release Automatically

The latest release is available for all supported PC platforms and has a built-in automatic update mechanism. In case the browser is not updated as it is started, it will after the user restarts his machine.

Soon after the Chrome update, new versions for other browsers that rely on its engine are to be expected.

Avatar

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...