Google Patches 37 Security Bugs With Release of Chrome 43

Google announced on Tuesday that Chrome 43 is available for download. The latest release contains numerous improvements and fixes, including patches for a total of 37 security bugs.

The most serious vulnerability fixed in Chrome 43 is a sandbox escape (CVE-2015-1252) reported by an anonymous researcher. Google awarded the expert $16,337 for responsibly disclosing this high severity flaw.

A high severity cross-origin bypass in DOM (CVE-2015-1253), which Google rewarded with $7,500, was also credited to an anonymous researcher.

Armin Razmdjou of Rawsec was awarded $3,000 for reporting a cross-origin bypass in Editing (CVE-2015-1254). Khalil Zhani got the same amount for a use-after-free vulnerability affecting WebAudio (CVE-2015-1255) and an additional $1,000 for a medium impact use-after-free in WebRTC.

Atte Kettunen of OUSPG, who has often found security holes in web browsers, was awarded a total of $3,000 for a high severity use-after-free flaw in SVG (CVE-2015-1256) and a medium-severity issue in PDFium (CVE-2015-1259). The researcher known as “SkyLined” reported a serious use-after-free flaw in Speech through HP’s Zero Day Initiative, but his reward hasn’t been determined yet.

The other medium and low severity issues fixed by Google with the release of Chrome 43 have been described as a container overflow in SVG, a negative-size parameter issue in Libvpx, a URL bar spoofing bug, an uninitialized value in Blink, insecure download of spellcheck dictionary, and a cross-site scripting (XSS) vulnerability in bookmarks.

The list of people credited for reporting these security bugs includes miaubiz, cloudfuzzer, Juho Nurminen, Mike Ruddy, and K0r3Ph1L. Some issues have also been identified by Google’s own security team.

The rewards paid out by Google for all the vulnerabilities fixed in Chrome 43 so far total more than $38,000, but it’s worth noting that not all reports have gone through the reward panel yet.

Chrome 43 also introduces support for the “upgrade-insecure-requests” Content Security Policy (CSP) directive. A site that sends it, either in a Content-Security-Policy response header or in an equivalent meta tag, asks the browser to rewrite the page’s plain-HTTP subresource requests to HTTPS before they are fetched.

When a page served over HTTPS references images, scripts or stylesheets over plain HTTP, browsers treat those loads as mixed content: active content such as scripts is blocked and passive content such as images produces a warning. The directive lets a site keep its existing HTTP URLs in the markup while the browser upgrades the requests, avoiding those warnings without the site having to rewrite every link before it can move to HTTPS.

“We encourage authors to transition their sites and applications away from insecure transport, and onto encrypted and authenticated connections, but mixed content checking causes headaches. This feature allows authors to ask the user agent to transparently upgrade HTTP resources to HTTPS to ease the migration burden,” explained Chromium developers.
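The following is an added example, not code from the article or from the Chromium project. It simulates, in Node.js, what a browser does with the directive: it parses a CSP header value for `upgrade-insecure-requests`, pulls the `src`/`href` URLs of img, script and link elements out of a constructed HTML snippet, and shows which URLs are actually fetched and which would otherwise be mixed content. The function names (`hasUpgradeDirective`, `upgradeUrl`, `resolveFetch`), the regex-based element extraction and the sample HTML are assumptions of this example; a real browser uses its HTML parser and its own mixed-content policy.

```javascript
// Added example: simulate how a browser applies the upgrade-insecure-requests CSP
// directive to the subresources of an HTTPS page. Not Chromium code; names and
// sample input are constructed for illustration.

// Constructed page markup: two HTTP subresources, one HTTPS, one protocol-relative,
// and a plain link (navigations to other hosts are not upgraded by the directive).
const SAMPLE_HTML = `
<img src="http://example.com/logo.png">
<script src="http://cdn.example.net/app.js"></script>
<link rel="stylesheet" href="https://example.com/site.css">
<img src="//example.com/hero.jpg">
<a href="http://other.example.org/page">link</a>
`;

// A CSP header value is a ';'-separated list of directives; this one carries no value.
function hasUpgradeDirective(cspHeaderValue) {
  return cspHeaderValue
    .split(';')
    .map(d => d.trim().toLowerCase())
    .some(d => d === 'upgrade-insecure-requests');
}

// Pull subresource URLs from src/href attributes and resolve them against the page URL.
// Simplified: a regex over double-quoted attributes, not a real HTML parser.
function extractSubresources(html, pageUrl) {
  const found = [];
  const re = /<(img|script|link)\b[^>]*?\b(?:src|href)="([^"]+)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    found.push({ tag: m[1].toLowerCase(), url: new URL(m[2], pageUrl).href });
  }
  return found;
}

// The upgrade step itself: http: becomes https:, ws: becomes wss:. The WHATWG URL
// class already drops a default port (80), so an explicit ":80" ends up as the
// https default (443); a non-default port such as 8080 is preserved.
function upgradeUrl(urlString) {
  const u = new URL(urlString);
  if (u.protocol === 'http:') u.protocol = 'https:';
  else if (u.protocol === 'ws:') u.protocol = 'wss:';
  return u.href;
}

// For each subresource, decide the URL the browser fetches and how a plain-HTTP
// load on an HTTPS page is treated when no upgrade happens: scripts and
// stylesheets are active mixed content (blocked), images are passive (warning).
function resolveFetch(pageUrl, cspHeaderValue, html) {
  const upgrade = hasUpgradeDirective(cspHeaderValue);
  const pageIsSecure = new URL(pageUrl).protocol === 'https:';
  return extractSubresources(html, pageUrl).map(({ tag, url }) => {
    const fetched = upgrade ? upgradeUrl(url) : url;
    const stillInsecure = new URL(fetched).protocol === 'http:';
    let status = 'ok';
    if (pageIsSecure && stillInsecure) {
      status = (tag === 'script' || tag === 'link')
        ? 'blocked-mixed-content'
        : 'mixed-content-warning';
    }
    return { tag, original: url, fetched, status };
  });
}

// Demonstration: the same page with and without the directive.
console.log('with upgrade-insecure-requests:');
console.table(resolveFetch('https://example.com/page', 'upgrade-insecure-requests', SAMPLE_HTML));
console.log("with only default-src 'self':");
console.table(resolveFetch('https://example.com/page', "default-src 'self'", SAMPLE_HTML));

module.exports = { hasUpgradeDirective, extractSubresources, upgradeUrl, resolveFetch, SAMPLE_HTML };
```

Two practical caveats follow from the simulation. First, the browser rewrites the request, not the markup, so every host referenced over HTTP must actually serve the same content over HTTPS; an upgraded request that fails is not retried over plain HTTP, so a CDN without TLS turns a mixed-content warning into a broken resource. Second, the directive covers subresources and same-host navigations, not links to third-party hosts, so the `<a href="http://other.example.org/...">` above is left alone.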

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
