Google patches 29 vulnerabilities in latest Chrome release

Cross-origin bypass flaws alongside disabling Flash-based ads dominate this round of updates.

chrome-a512.png
Google has patched 29 security flaws, many of them deemed critical, in the latest update to the Chrome browser.

On Tuesday, Google pushed Chrome 45 for Windows, Mac and Linux to the stable channel and for public release. As part of the Chrome 45.0.2454.85 update, 29 bugs have been fixed, and a number of improvements have been made.

The most critical issues fixed in this update were three cross-origin bypass problems, which netted researchers $7500 in each case. In addition, a bug bounty hunter earned $5000 for a use-after-free vulnerability in Skia.

As part of Google's bug bounty program, researchers are awarded financial rewards based on the severity of the security flaw. The now-patched vulnerabilities earned researchers cash rewards ranging from $1000 to $7500. In total, $40,500 has been awarded to security researchers.

must read

Digital transformation: Making it work in the real world

It takes more than shiny new technologies to remake business processes. Here are a few ideas on how to make digital transformation projects work in your organisation.

The full list of vulnerabilities submitted by external researchers is below:

  • [516377 ] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
  • [522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
  • [524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
  • [502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
  • [421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
  • [510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
  • [518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
  • [416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
  • [511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.

In addition, Chrome's security team patched a variety of problems based on internal audits, fuzzing and other initiatives.

If you are a Comodo user, it is probably worth waiting for downloading the latest update, as some users are reporting crash at startup problems, and the bug is yet to be resolved.

Last week, Google revealed plans to "pause" Flash-based advertisements through the Chrome browser. In order to watch these ads, Chrome users now need to manually consent to view the content.

In July, Google released a Chrome update which fixed a number of flaws including universal cross-site scripting (UXSS) flaws and heap buffer overflow problems.

Read on: Top picks

In pictures:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All