Chemical Safety Incidents
Chrome Updated with Security Fixes
Thursday, April 20, 2017 @ 06:04 PM gHale
Chrome 58 web browser moved to the stable channel, including Windows, GNU/Linux and macOS.
Chrome 58.0.3029.81 is now the latest stable release of the Google web browser, bringing fixes and improvements like full support for the IndexedDB 2.0 standard, improvements to iframe navigation, and full-screen support for PWAs (Progressive Web Apps) on Android.
Twenty-nine security fixes are in Google Chrome 58, addressing type confusions in the PDFium and Blink components, a couple of URL spoofing issues in Omnibox, a use after free in Chrome Apps and Blink, a heap use after free in Print Preview, a heap overflow in Skia, incorrect UI in Blink, and incorrect signature handing in Networking.
The new browser fixed an issue that rendered users vulnerable to Unicode domain phishing.
The vulnerability is in the use of Unicode characters in Internet hostnames through Punycode. By using characters that may look the same but are represented differently in Punycode, attackers can spoof legitimate websites and use them in phishing attacks.
Chrome 58 addresses the bug, which Google calls an URL spoofing in Omnibox (CVE-2017-5060). Assessed only a Medium severity rating, the vulnerability earned web developer Xudong Zheng a $2000 bounty.
Click here for more details on the fixes.