Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 74 Patches 39 Vulnerabilities

Google this week released Chrome 74 to the stable channel with patches for 39 vulnerabilities, as well as with several other tweaks inside.

Of the 39 security fixes included in the new browser iteration, 19 were for vulnerabilities reported by external researchers. These include 5 High severity flaws, 12 Medium risk bugs, and 2 Low severity issues.

Google this week released Chrome 74 to the stable channel with patches for 39 vulnerabilities, as well as with several other tweaks inside.

Of the 39 security fixes included in the new browser iteration, 19 were for vulnerabilities reported by external researchers. These include 5 High severity flaws, 12 Medium risk bugs, and 2 Low severity issues.

The High risk vulnerabilities addressed in Chrome 74 include a use-after-free in PDFium (CVE-2019-5805), an integer overflow in Angle (CVE-2019-5806), a memory corruption in V8 (CVE-2019-5807), and two use-after-free bugs in Blink (CVE-2019-5808 and CVE-2019-5809).

The reporters of the first four vulnerabilities received $3,000 each in bug bounty rewards. Google has yet to disclose whether it paid any reward for the fifth flaw.

The Medium severity issues include a user information disclosure flaw in Autofill (CVE-2019-5810), a CORS bypass in Blink (CVE-2019-5811), URL spoofing in Omnibox on iOS (CVE-2019-5812), and an out-of-bounds read bug in V8 (CVE-2019-5813). These vulnerabilities brought their reporters $2,000 (the first of them received an extra $1,337).

Other issues Google addressed include a heap buffer overflow in Blink (CVE-2019-5815), a CORS bypass in Blink (CVE-2019-5814), exploit persistence extension on Android (CVE-2019-5816), and a heap buffer overflow in Angle on Windows (CVE-2019-5817), and the company paid $1,000 for every one of them.

The reporter of an uninitialized value issue in the media reader component (CVE-2019-5818) received $500, but those reporting an incorrect escaping bug in developer tools (CVE-2019-5819), and integer overflows in PDFium (CVE-2019-5820 and CVE-2019-5821) received no reward.

The two Low risk bugs patched in this Chrome release are CVE-2019-5822 (CORS bypass in download manager), and CVE-2019-5823 (forced navigation from service worker). Google paid $500 in bug bounties for each of these vulnerabilities.

Advertisement. Scroll to continue reading.

The latest browser release is now available for Windows, Mac and Linux as Chrome 74.0.3729.108.

In addition to these security fixes, the application includes various other improvements and user experience enhancements, such as a dark mode for Windows 10 users, which can be enabled either by adding –force-dark-mode at the end of the shortcut used to launch the browser, or by switching the operating system’s skin to the Dark setting.

Related: Google Patches Actively Exploited Chrome Vulnerability

Related: Chrome Zero-Day Exploited to Harvest User Data via PDF Files

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.