Chrome 67 Browser Clears 34 Holes

Wednesday, May 30, 2018 @ 02:05 PM gHale

Chrome 67 released to the stable channel and brought with it 34 security fixes.

Google, the creator of the Chrome browser, is continuing to make Site Isolation available for more users. The functionality ensures each opened website is rendered in a separate process, thus isolating it from the processes of other websites and delivering stronger security boundaries.

Trojan Leverages Browser for Attack
Trojan With a Different Approach
Inside Attack at Coca-Cola
Staggering Cost for Insider Threats

Chrome’s Site Isolation was also meant as a form of mitigation against the web-exploitable Spectre vulnerability affecting modern micro-processors. Since the beginning of the year, together with Meltdown, another CPU flaw, Spectre has brought out a slew of patches and mitigations.

“We’re continuing to roll out Site Isolation to a larger percentage of the stable population in Chrome 67. Site Isolation improves Chrome’s security and helps mitigate the risks posed by Spectre,” Google officials said in a post.

Of the 34 security fixes delivered in the new browser release, 24 are for vulnerabilities reported by external researchers. These include 9 flaws rated high severity, 12 assessed with a medium risk, and 3 considered low severity.

The most important issues addressed in Chrome 67 include use after free in Blink (CVE-2018-6123), type confusion in Blink (CVE-2018-6124), overly permissive policy in WebUSB (CVE-2018-6125), heap buffer overflow in Skia (CVE-2018-6126), use after free in indexedDB (CVE-2018-6127), uXSS in Chrome on iOS (CVE-2018-6128), out of bounds memory access in WebRTC (CVE-2018-6129 and CVE-2018-6130), and incorrect mutability protection in WebAssembly (CVE-2018-6131).

Leave a Reply

You must be logged in to post a comment.