Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Google Patches 29 Vulnerabilities With Release of Chrome 45

Batu69

By Batu69
in Security & Privacy News

Recommended Posts

Batu69

Batu69

Posted
Posted

Google on Tuesday announced the availability of Chrome 45 for Windows, Mac, and Linux. The latest version of the web browser patches a total of 29 security issues, ten of which were reported by external researchers.

According to Google, six of the vulnerabilities reported by external researchers have been rated high severity. The list includes a couple of cross-origin bypass flaws in DOM (CVE-2015-1291, CVE-2015-1293), a cross-origin bypass in Service Worker (CVE-2015-1292), use-after-free flaws in Skia (CVE-2015-1294) and Printing (CVE-2015-1295), and a character spoofing bug in the Omnibox address bar (CVE-2015-1296).

Google has paid out $7,500 for each of the cross-origin bypass vulnerabilities, $5,000 for the use-after-free in Skia, $3,000 for the use-after-free in Printing, and $1,000 for the Omnibox spoofing issue.

The medium impact flaws patched with the release of Chrome 45.0.2454.85 are a permission scoping error in WebRequests, a URL validation error in extensions, and information leak and use-after-free bugs in the Blink web browser engine.

The vulnerabilities fixed in Chrome 45 have been reported by anonymous researchers, Mariusz Mlynski, Rob Wu, Alexander Kashev, and experts using the online monikers taro.suzuki.dev, cgvwzq, cloudfuzzer, and zcorpan.

The amount of money paid out by Google so far to those who contributed to making Chrome more secure is $40,500, but not all vulnerabilities have been reviewed by the search giant’s reward panel.

Google’s own security team has also identified many flaws through internal audits, fuzzing and other initiatives.

With the release of Chrome 45, Google has also started killing Flash ads. The company has decided to pause certain plugin content, including many Flash ads, in an effort to improve performance and reduce power consumption. Google is automatically converting most of the Flash ads uploaded to AdWords to HTML5. It has also provided tools that can be used to manually convert Flash ads to HTML5.

While Google’s decision to start killing Flash ads is apparently related to performance, security experts are happy to see the death of Flash due to the many vulnerabilities that have put users at risk over the past period.

Amazon has also stopped accepting Flash ads for Amazon.com starting with September 1. The e-commerce giant’s decision comes in response to the Flash content restrictions implemented by major web browser vendors.

Source

Link to comment
Share on other sites
  • Replies 7
  • Views 1.3k
  • Created
  • Last Reply
steven36

steven36

Posted
Posted

yea but did they the crash in windows 10 fast ring since 10525... any word on that :o

Maybe Microsoft wants you to switch too EDGE :lol:

Fast ring is insiders version witch are known to be full of new bugs , people who use slow ring didn't have this problem. It will be Nov tell slow ring users get a big update.

Anyways Chorme 45 was said too fix it in the fast ring . Did you even test Chrome 45 yet it was said it fixed it even when it was still in Canary.?

Link to comment
Share on other sites
dMog

dMog

Posted
Posted

yea but did they the crash in windows 10 fast ring since 10525... any word on that :o

Maybe Microsoft wants you to switch too EDGE :lol:

Fast ring is insiders version witch are known to be full of new bugs , people who use slow ring didn't have this problem. It will be Nov tell slow ring users get a big update.

Anyways Chorme 45 was said too fix it in the fast ring . Did you even test Chrome 45 yet it was said it fixed it even when it was still in Canary.?

it wasa google problem and nothing really to do with fast ring eventually this crash would have gotten to next build of windows 10 that sent out to non fast ring subscribers... google had a work around hack for chrome that caused the issue.... i have found out google may release a fix for this in the next build if they get around to it that is... google had quietly admitted they screwed up but as i said very quietly..i am using chrome beta as that was thei quick fix... will try out 45 today when i get home from work

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

yea but did they the crash in windows 10 fast ring since 10525... any word on that :o

Maybe Microsoft wants you to switch too EDGE :lol:

Fast ring is insiders version witch are known to be full of new bugs , people who use slow ring didn't have this problem. It will be Nov tell slow ring users get a big update.

Anyways Chorme 45 was said too fix it in the fast ring . Did you even test Chrome 45 yet it was said it fixed it even when it was still in Canary.?

it wasa google problem and nothing really to do with fast ring eventually this crash would have gotten to next build of windows 10 that sent out to non fast ring subscribers... google had a work around hack for chrome that caused the issue.... i have found out google may release a fix for this in the next build if they get around to it that is... google had quietly admitted they screwed up but as i said very quietly..i am using chrome beta as that was thei quick fix... will try out 45 today when i get home from work

No way Google could have knew it was not going to work on Windows 10 Insider Preview Build 10525 . It didn't exist yet. Microsoft maybe knew this though :P

Chrome 44 came out stable 2015-07-21 

https://en.wikipedia.org/wiki/Google_Chrome_release_history

Windows 10 Insider Preview Build 10525 came out 2015-8-18

https://blogs.windows.com/bloggingwindows/2015/08/18/announcing-windows-10-insider-preview-build-10525/

I'm using a web browser based on 44 code base it works fine in the slow ring. I had problems with 42 code base though with some crashes I didn't have in Windows 8.1

Link to comment
Share on other sites
dMog

dMog

Posted
Posted

No way Google could have knew it was not going to work on Windows 10 Insider Preview Build 10525 . It didn't exist yet. Microsoft maybe knew this though :P

actually the way google hacked into windows 10 instead of following proper protocols set out.''' google did actually admit this was 100 percent their fault and that if they had done things properly instead of looking for cheap quick easy fix they knew was going crash the browser eventually.. ..and the ignorant way google spoke on line to the masses of people that dared ask them when they were going to have it fixed was really off putting....

Link to comment
Share on other sites
steven36

steven36

Posted
Posted

actually the way google hacked into windows 10 instead of following proper protocols set out.''' google did actually admit this was 100 percent their fault and that if they had done things properly instead of looking for cheap quick easy fix they knew was going crash the browser eventually.. ..and the ignorant way google spoke on line to the masses of people that dared ask them when they were going to have it fixed was really off putting....

Who knows when it will get fixed it took them months to even get add-ons that block WebRTC again its a bug that if you use a vpn they can get you're real ip . And still really Google has never really fixed it only the add-ons did.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...