RV_ Posted June 6, 2017 Report Share Posted June 6, 2017 Excerpt: "Google on Monday released the latest stable version of Chrome that includes patches for 30 vulnerabilities, including five high severity issues. The company paid out $23,500 to external researchers for the vulnerabilities, including $7,500 for a type confusion vulnerability in V8, the open source JavaScript engine Google uses for the browser. The fix was a relatively quick one for Google; Zhao Qixun, a researcher with Qihoo 360’s Vulcan Team, discovered the vulnerability just three weeks ago. The update also helps resolve a high severity out-of-bounds read vulnerability in V8, two high severity use-after-free vulnerabilities–one in the browser’s print preview feature, another in its Bluetooth app functionality–and a vulnerability that could have enabled address spoofing in the browser’s Omnibox address bar. Address spoofing vulnerabilities continue to be a problem for Chrome. Google has fixed roughly a dozen of them in the browser since last September, including three in Monday’s Chrome 59 update, three in April’s Chrome 58 update – including one that could’ve led to unicode phishing attacks, two in Chrome 57 in March, and two in Chrome 56 in January. Attackers traditionally used the vulnerabilities to trick users into visiting unintended sites, often ones hosting malware. The high, medium, and low-severity bugs in Chrome that earned bounties are:" The details are in the full article here: https://threatpost.com/google-fixes-30-vulnerabilities-five-high-severity-in-chrome-59/126091/ RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.