Chrome 47 Releases, Fixes Security Flaws

Friday, December 4, 2015 @ 06:12 PM gHale

Chrome 47 is out and it includes 41 security fixes, including more than a dozen serious vulnerabilities, Google said.

One or more anonymous researchers brought home the largest amount of money, taking home $31,337 for three use-after-free vulnerabilities in AppCache.

Edge Now Blocks Code Injection
IE Continues Flawed Life, Edge Taking Over
Subsystem can Bypass EMET Security
Unsupported ICS: Not an Easy Upgrade

Mariusz Mlynski earned $30,500 for reporting four cross-origin bypass flaws in DOM.

Guang Gong of the Chinese security firm Qihoo 360 earned $7,500 for the out-of-bounds access issue (CVE-2015-6764) he reported in November at the Mobile Pwn2Own competition in Tokyo.

Other high severity issues patched with the release of Chrome 47 include out-of-bounds access vulnerabilities in V8, Skia, and PDFium, use-after-free flaws in Extensions and DOM, and a type confusion in PDFium. These vulnerabilities earned researchers between $3,000 and $7,500.

External researchers also reported half a dozen medium severity issues, including an out-of-bounds access in PDFium, a scheme bypass in PDFium, a use-after-free in Infobars, an integer overflow in Sfntly, a content spoofing bug in Omnibox, and a signature validation issue in Android Crazy Linker.

The researchers known as “cloudfuzzer” and “miaubiz,” Atte Kettunen of OUSPG, Hanno Böck, Long Liu of the Qihoo 360 Vulcan Team, Karl Skomski, Til Jasper Ullrich, Khalil Zhani, Luan Herrera, and Michal Bednarski reported the medium and high impact vulnerabilities. In addition, some of the flaws patched with the latest version of Chrome ended up identified by Google’s own security team.