Google Patches Chrome Vulnerabilities

Friday, October 16, 2015 @ 03:10 PM gHale

Google released Chrome 46, which patches vulnerabilities and simplifies the security icon displayed for each website.

The stable channel of Chrome 46 for Windows, Mac and Linux fixes 24 security problems.

The list of high severity flaws patched by Google and discovered by outside researchers includes a cross-origin bypass in the Blink rendering engine, a use-after-free in PDFium, a use-after-free in ServiceWorker and a bad cast issue in PDFium.

The medium severity flaws found by outside researchers are an information leakage bug in LocalStorage, an improper error handling issue in libANGLE and memory corruption vulnerabilities in FFmpeg.

The work of Google’s own security team resulted in various fixes and the patching of multiple flaws in the V8 open source JavaScript engine.

Google said Chrome 46 changes the way users learn about page security. Previously, HTTPS sites with minor errors displayed a small yellow “caution triangle” badge.

From now on, though, the icon for HTTPS sites with minor errors will be the same as for HTTP websites. By doing so, Google wants to reduce the number of icons Chrome users have to learn, and encourage website operators to speed up migration to proper HTTPS.

“We’ve come to understand that our yellow ‘caution triangle’ badge can be confusing when compared to the HTTP page icon, and we believe that it is better not to emphasize the difference in security between these two states to most users. For developers and other interested users, it will still be possible to tell the difference by checking whether the URL begins with ‘https://’,” Chrome officials said in a blog post.