45 Security Issues Fixed In Chrome 42

Chrome 42 is available since Tuesday for Windows, Mac and Linux. A total of 45 security flaws were addressed in this version. The security researcher who identified most serious vulnerability, a cross-origin bypass flaw in HTML parser (CVE-2015-1235) was paid $7,500.

List of all vulnerabilities fixed goes as follows,
  • High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
  • Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

We advise our readers to update their Chrome to the latest version.

Source:[Google Blog]


Free counters!


MauriHackerS - Providing Latest IT Security and Hacking News !