CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Chrome 79 Patches Critical Vulnerabilities

Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical severity.

Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical severity.

Of the remaining bugs reported by external researchers, 8 are considered high risk, 18 have a medium severity rating, and 9 are considered low-risk.

The two critical flaws include CVE-2019-13725, a use-after-free in the Bluetooth component reported by Gengming Liu and Jianyu Chen of Tencent Keen Security Lab, and CVE-2019-13726, a heap buffer overflow in password manager, reported by Sergei Glazunov of Google Project Zero.

Google revealed that it paid $20,000 for the use-after-free flaw, but has yet to determine the bug bounty reward for the heap buffer overflow.

The high-risk vulnerabilities addressed in this release include insufficient policy enforcement in WebSockets (CVE-2019-13727), out of bounds write in V8 (CVE-2019-13728 and CVE-2019-13735), use-after-free in WebSockets (CVE-2019-13729), type confusion in V8 (CVE-2019-13730 and CVE-2019-13764), use-after-free in WebAudio (CVE-2019-13732), and out of bounds write in SQLite (CVE-2019-13734).

The medium-severity flaws include an integer overflow in PDFium; insufficient policy enforcement in autocomplete, navigation, Omnibox, cookies, audio, and developer tools; incorrect security UIs in Omnibox, sharing, and external protocol handling; insufficient validation of untrusted input in Blink; uninitialized use in rendering and SQLite; and out of bounds read and insufficient data validation issues in SQLite.

Low-severity flaws patched in Chrome 79 include insufficient policy enforcements in extensions, navigation, downloads, and payments; and incorrect security UIs in printing, interstitials, and Omnibox.

Google has also included in its browser a warning when encountering reused passwords: Chrome will alert users of such passwords when they attempt to log into websites. Previously available through an extension, the feature is now baked into the application.

Advertisement. Scroll to continue reading.

Overall, Google paid $80,000 in bug bounties to reporting security researchers, but it has yet to disclose the amount paid for 10 of the vulnerabilities, including one critical and four high-severity issues.

The new browser iteration is now available for download as Chrome 79.0.3945.79, for Windows, Mac and Linux.

Related: Chrome 78 Released With DoH, 37 Security Patches

Related: Google Patches 8 Vulnerabilities in Chrome 77

Related: Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.