Google patches 29 vulnerabilities in latest Chrome release

Cross-origin bypass flaws alongside disabling Flash-based ads dominate this round of updates.
Written by Charlie Osborne, Contributing Writer
Google has patched 29 security flaws, many of them deemed critical, in the latest update to the Chrome browser.

On Tuesday, Google pushed Chrome 45 for Windows, Mac and Linux to the stable channel and for public release. As part of the Chrome 45.0.2454.85 update, 29 bugs have been fixed, and a number of improvements have been made.

The most critical issues fixed in this update were three cross-origin bypass problems, which netted researchers $7500 in each case. In addition, a bug bounty hunter earned $5000 for a use-after-free vulnerability in Skia.

As part of Google's bug bounty program, researchers are awarded financial rewards based on the severity of the security flaw. The now-patched vulnerabilities earned researchers cash rewards ranging from $1000 to $7500. In total, $40,500 has been awarded to security researchers.

The full list of vulnerabilities submitted by external researchers is below:

  • [516377 ] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.
  • [522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.
  • [524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.
  • [502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.
  • [421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.
  • [510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.
  • [518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.
  • [416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.
  • [511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.

In addition, Chrome's security team patched a variety of problems based on internal audits, fuzzing and other initiatives.

If you are a Comodo user, it is probably worth waiting for downloading the latest update, as some users are reporting crash at startup problems, and the bug is yet to be resolved.

Last week, Google revealed plans to "pause" Flash-based advertisements through the Chrome browser. In order to watch these ads, Chrome users now need to manually consent to view the content.

In July, Google released a Chrome update which fixed a number of flaws including universal cross-site scripting (UXSS) flaws and heap buffer overflow problems.

20 must-have back to school, college gadgets and gifts

Read on: Top picks

In pictures:

Editorial standards