04 March 2016

Google Chrome: version 49 eliminated 26 vulnerabilities

At least eight of the vulnerabilities pose a high risk. Google is paying a total of $36,500 to security researchers who provided details on 13 of the 26 vulnerabilities.

The new version 49, which Google has now released for download, fixes many bugs and also includes new features for developers. Primarily, however, it plugs 26 security holes. At least eight of these vulnerabilities pose a high risk. An attacker could inject and execute malicious code within the sandbox of the browser.


Chrome 49 is available for Windows, Mac OS X and Linux. Users who have already installed the browser will receive the update automatically, though possibly only after restarting the application. It can also be downloaded from the Google website.

The severity of the vulnerabilities can be read quite easily from the rewards Google pays. Google is paying a total of $36,500 to security researchers who provided details on 13 of the 26 vulnerabilities. $15,500 will go to Mariusz Mlynski, $6,000 to "cloudfuzzer" and $3,000 to Rob Wu. The three researchers reported two vulnerabilities. In addition, security specialists who discovered bugs in non-stable versions of the Google browser receive bonuses amounting to $14,500.

The update corrects two bugs that allow circumvention of the same-origin policy, in the Pepper plug-in and the browser engine Blink. Blink also contained three use-after-free bugs that Google has removed with Chrome 49. In addition, the open source graphics library Skia could reveal personal information.

Moreover, Chrome 49 also includes fixes for bugs that Google discovered during internal security audits. Among them is apparently also a critical vulnerability, which by Google's definition allows an attacker to execute code outside the sandbox. However, Google has not made details of this vulnerability public.

Developers benefit from a new programming interface that lets Service Workers synchronize in the background. As an example, Google cites a browser-based email client in which a user sends a message and leaves the page before the synchronization is complete. In that case, the Background Sync API synchronizes the local data in the background without the associated website being open.

Google has also improved support for ECMAScript 2015. The latest version of the V8 JavaScript engine supports 91 percent of the latest ECMAScript features.
