Google this week released Chrome 64 in the stable channel with fixes for 53 security flaws and with additional mitigations against the web-exploitable “Spectre” CPU vulnerability.
Made public in the beginning of this year along with a bug called Meltdown, Spectre is a speculative side-channel attack technique impacting modern processors from Intel, AMD, and ARM. Putting billions of devices at risk, the two vulnerabilities have fueled an industry-wide race to release patches and mitigations.
In early December 2017, Google added Site Isolation to Chrome 63 as the first step in its attempt to mitigate these attack methods. The new Chrome release, available for Windows, Mac, and Linux as version 64.0.3282.119, brings additional mitigations against the speculative side-channel attack techniques.
The new browser iteration also includes an improved pop-up blocker, capable of preventing sites that employ abusive experiences from opening tabs or windows. Some of these deceptive tactics include masquerading links to third-party websites as play buttons or other site controls, or using transparent overlays on websites that capture all clicks and open new tabs or windows.
Site owners can check whether their websites have been found to use such abusive experiences by using the Abusive Experiences Report in Google Search Console. Thus, they can improve their user experience, Google says.
In addition to security improvements and fixes, Chrome 64 also brings some new features for developers, Google revealed in a blog post.
Of the 53 vulnerabilities that Chrome 64 patches, nearly half were discovered by external researchers, most of which are Medium and Low severity bugs.
Three High risk issues were resolved in the application: CVE-2018-6031 (Use after free in PDFium), CVE-2018-6032 (Same origin bypass in Shared Worker), and CVE-2018-6033 (Race when opening downloaded files). Google awarded the reporting researchers $3000, $2000, and $1000, respectively.
The Medium severity bugs addressed in Chrome 64 include an integer overflow issue in Blink, several insufficient isolation of devtools from extensions flaws, integer underflow in WebAssembly, insufficient user gesture requirements in autofill, heap buffer overflow in WebGL, XSS in DevTools, content security policy bypass, URL spoof issues in Navigation and OmniBox, insufficient escaping with external URL handlers, and cross origin URL leak in WebGL.
Google also resolved a referrer policy bypass bug in Blink, URL spoofing in Omnibox, UI spoof flaws in Permissions and in OmniBox, referrer leak in XSS Auditor, incomplete no-referrer policy implementation, leak of page thumbnails in New Tab Page, and use after free in WebUI vulnerabilities.
Overall, the Internet giant paid over $20,000 in bug bounties to the researchers who reported these vulnerabilities. However, the company hasn’t revealed all of the paid rewards yet.