Google issues Chrome security fixes in fresh update

Google has released an update to cure security flaws including cross-origin bypasses.


Google has released a new update for the Chrome browser which cures a number of security problems including two cross-origins bypass flaws and a scheme validation error.

The latest release of the Chrome browser, version 43.0.2357.130 for Windows, Mac, and Linux, includes release notes on four security problems contributed by four third-party researchers. One of the reported flaws, a scheme validation error reported by an anonymous researcher, earned them $5000 as a bug bounty. Other rewards are yet to be decided.

The list of fixes is below:

[464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.

[494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.

[497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.

[461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

In related news, earlier this month Google boosted bug discovery in Android with the launch of the new Android Security Rewards program. Valid bugs submitted through the program earn a minimum reward of $500, with rewards reaching up to $8,000 for particularly interesting or nasty security flaws.

Read on: 14 Chrome browser extensions for a streamlined experience

Read on: Top picks