Google Patches 43 Bugs in Chrome

[RV_]

Google pays a lot for good guys to find vulnerabilities before the bad guys do. The only downside for users is that the vulnerabilities get lots of exposure when patched. So having a more secure browser still warrants diligence for new versions.

 

Excerpt:

 

"A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category.

 

Two of the more serious vulnerabilities fixed in Chrome 44 are a pair of universal cross-site scripting bugs. One of the flaws is in blink, the Web layout engine in Chrome. The other one is in Chrome for Android. Universal XSS vulnerabilities allow attackers to exploit XSS bugs in browsers rather than on sites. Each of those vulnerabilities earned the researchers who reported them a $7,500 bug bounty from Google.

 

As part of that bounty program, Google paid out roughly $40,000 to external researchers who reported vulnerabilities to the company. Among the other vulnerabilities patched in this release are three heap buffer overflows in pdfium, the PDF rendering engine in Chrome.

 

There also are a number of use-after-free bugs in various components patched in Chrome 44.

 

Here’s the list of vulnerabilities reported by external researchers:"

See the list and more in the article at: https://threatpost.com/google-patches-43-bugs-in-chrome/113892#sthash.FfJTWrUd.dpuf