The largest bounty paid was $7,500, awarded to researcher Brendon Tiszka for the memory corruption flaw (CVE-2017-5030) in the V8 JavaScript engine. The Chrome security holes were disclosed to Google’s Chromium Project and its bug bounty program. However, it said more information regarding Chrome 57 is pending via its Chrome and Chromium blog. Google did not mention the additional SHA-1 notification feature Thursday with the rollout of Chrome. However, with the introduction of Chrome 57, released to the Stable channel in March, Google said at the time, “Features which require a secure origin, such as geolocation, will continue to work, however pages will be displayed as ‘neutral, lacking security.’ Without this policy set, SHA-1 certificates that chain to locally installed roots will not be trusted starting with Chrome 57.” In November, Google said it removed support for SHA-1 certificates in Chrome 56, but will distinguish between certificates chained to a public Certificate Authority and those chained to local CAs. 98 was released to Google’s Stable channel, which means the software is fully tested by the Chrome OS team. Beta Chrome 57 was introduced in February and included the new features CSS grid layout, an improved add to home screen, and the Media Session API. 98 update for Windows, Mac and Linux includes a number of fixes and improvements and will roll out over the coming days and weeks. Topping the list of vulnerabilities patched are a memory corruption flaw in the V8 JavaScript engine, a use-after-free bug found in Google’s Almost Native Graphics Layer Engine, and an out-of-bounds write flaw found in the PDFium component of the Chrome browser. As part of the update, Google thanked nearly two dozen bug hunters with bug bounty payments totaling $38,000.
Google released an updated version of its Chrome browser on Thursday to fix nine high-severity vulnerabilities that, if exploited, could allow adversaries to take control of targeted systems.