Google Patches High Risk Flaw in Chrome 63

Google has released Chrome 63.0.3239.108 to the stable channel to address two security vulnerabilities in the browser.

One of the bugs, tracked as CVE-2017-15429, was a Universal Cross-site Scripting (UXSS) issue in V8, the open-source JavaScript engine in Google Chrome and Chromium browsers.

The vulnerability can be exploited by a remote unauthenticated malicious actor to perform a UXSS attack. No further details on the vulnerability are publicly available at the moment.

The vulnerability was reported to Google on November 24 by an external researcher who chose to remain anonymous. Google paid a $7,500 reward for the bug report.

The second vulnerability Google addressed with the new browser release was reported by the company’s internal team. The Internet giant has yet to publish any information on the flaw.

Chrome 63.0.3239.108 is now available for download for all Windows, Mac, and Linux users.

This is the second Chrome 63 release Google made available this month. The first arrived on December 6 as Chrome 63.0.3239.84, with a total of 37 security fixes, including one for a Critical out-of-bounds write vulnerability in QUIC.

Of those security flaws, 19 were reported by external researchers, and Google revealed it paid over $46,000 in bug bounties to the reporting researchers. The highest payout was $10,500.

In addition to resolving numerous vulnerabilities, Chrome 63 brought a series of security improvements for enterprise users, such as Site Isolation and the ability to restrict access to extensions based on the permissions required. The browser also brought Transport Layer Security (TLS) 1.3 for Gmail.

In an attempt to improve stability and security, Chrome will prevent applications from injecting code into its processes on Windows, starting next year.


Source: infosec island
