Security Experts:

Chrome 65 Patches 45 Vulnerabilities

Released in the stable channel this week, Chrome 65 brings 45 security fixes, including 27 patches for vulnerabilities discovered by external researchers.

The browser also includes an updated JavaScript engine, namely V8 version 6.5. Announced in early February and initially made available in Chrome 65 Beta, the new V8 engine includes an untrusted code mode meant to mitigate the latest speculative side-channel attack called Spectre.

The 27 vulnerabilities reported by researchers include 9 security flaws assessed with a High severity rating, 15 bugs considered Medium risk, and 3 issues with a Low severity rating.

Google rewarded the researchers over $34,000 in bug bounties, but hasn’t provided details on all payouts in the published advisory.

The most important of the addressed bugs are two High risk use after free in Flash (CVE-2018-6058 and CVE-2018-6059). Both were reported by JieZeng of Tencent Zhanlu Lab in August 2017 and were awarded a $5,000 bounty each.

Google also addressed a Use after free in Blink (CVE-2018-6060) and a Race condition in V8 (CVE-2018-6061) – two High severity flaws awarded $3,000 each –, as well as a Heap buffer overflow in Skia (CVE-2018-6062) – awarded $1,000.

Other High risk issues resolved in Chrome 65 include two incorrect permissions on shared memory bugs, one Type confusion in V8, and one Integer overflow in V8.

The most important of the Medium risk issues was CVE-2018-6066, a Same Origin Bypass via canvas that was awarded a $4,000 bounty.

Other Medium severity issues addressed in this release include Buffer overflow in Skia, Object lifecycle issues in Chrome Custom Tab, Stack buffer overflow in Skia, CSP bypass through extensions, Heap buffer overflow in Skia, Integer overflow in PDFium, Heap buffer overflow in WebGL, and Mark-of-the-Web bypass.

Google also addressed an overly permissive cross origin download, incorrect handling of URL fragment identifiers in Blink, a timing attack using SVG filters, URL Spoof in OmniBox, Information disclosure via texture data in WebGL, and  Information disclosure in IPC call.

The three Low risk bugs resolved in the browser include XSS in interstitials, circumvention of port blocking, and incorrect processing of AppManifests.

The new application release is available for download as version Chrome 65.0.3325.146 for Windows, Mac and Linux computers. Chrome for Android has been updated as well, now available as version 65.0.3325.109.

Related: Chrome Improves Security for Enterprise Use

RelatedHalf Million Impacted by Four Malicious Chrome Extensions

view counter