Researcher receives big bounty for critical combo of bugs

Oct 8, 2014 12:15 GMT

A new stable version of Google Chrome is now available, plugging no less than 159 security holes discovered both internally and with the help of outside researchers.

Most notable among the bugs is a combination of V8 and Inter-process Communication (IPC) vulnerabilities that could lead to remote code execution outside the sandbox. A “thank you” in the form of a $27,633 / €21,830 bug bounty was offered to security researcher Jüri Aedla.

Google recently increased the reward limits for the bug bounty program, paying as much as $15,000 / €11,900 for a properly reported sandbox escape bug.

Restricting processes to an isolated environment is an important layer of defense in Google Chrome, as it prevents malware from gaining persistence on the system or reading arbitrary files on the machine. Moreover, sandboxed processes cannot write to disk, and that restriction applies equally to any code that exploits a bug inside them.

Others have also been handsomely rewarded

Out of the massive set of 159 glitches, the majority (113) were relatively minor; these were discovered using MemorySanitizer, a custom tool built by Google that detects uninitialized memory reads in C/C++ programs.
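The bug class MemorySanitizer targets is easy to write by accident when a parser fills a structure field by field. The C program below is an added illustration and is not code from Chrome or from the article; the `header` layout, the function names and the sample message are constructed for this example. `header_is_compressed_buggy` leaves `flags` unwritten when the input is shorter than eight bytes and then branches on it, which is exactly what MSan flags when the program is built with `clang -fsanitize=memory -g`; `header_is_compressed` zero-initializes the structure and rejects short input instead.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed message header for this example (not a real protocol). */
struct header {
    unsigned int length;
    unsigned int flags;   /* bit 0: payload is compressed */
    unsigned char type;
};

/* Constructed 9-byte sample: length=16, flags=1, type=2 (little-endian). */
static const unsigned char SAMPLE_MSG[9] = {
    0x10, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00,
    0x02
};

/* Decode a 32-bit little-endian value without depending on host byte order. */
static unsigned int rd32le(const unsigned char *p) {
    return (unsigned int)p[0] | ((unsigned int)p[1] << 8) |
           ((unsigned int)p[2] << 16) | ((unsigned int)p[3] << 24);
}

/* Buggy parser: fields are only filled when present in the input, but
 * 'flags' is read unconditionally. With n < 8 this is an uninitialized
 * read; MSan reports it at the 'return' line when the value is branched on.
 * (Behaviour is only defined when n >= 8.) */
int header_is_compressed_buggy(const unsigned char *buf, size_t n) {
    struct header h;                       /* no initialization */
    if (n >= 4) h.length = rd32le(buf);
    if (n >= 8) h.flags = rd32le(buf + 4);
    if (n >= 9) h.type = buf[8];
    return (h.flags & 1u) != 0;            /* uninitialized when n < 8 */
}

/* Fixed parser: the structure starts zeroed and short input is rejected
 * explicitly, so every field read is backed by a write.
 * Returns 1 if compressed, 0 if not, -1 if the input is too short. */
int header_is_compressed(const unsigned char *buf, size_t n) {
    struct header h = {0};
    if (n < 8) return -1;                  /* length and flags are mandatory */
    h.length = rd32le(buf);
    h.flags = rd32le(buf + 4);
    if (n >= 9) h.type = buf[8];
    return (h.flags & 1u) != 0;
}

int main(void) {
    /* Full message: both versions agree. */
    printf("buggy, full input:  %d\n", header_is_compressed_buggy(SAMPLE_MSG, sizeof SAMPLE_MSG));
    printf("fixed, full input:  %d\n", header_is_compressed(SAMPLE_MSG, sizeof SAMPLE_MSG));
    /* Truncated message: the fixed version rejects it; the buggy version
     * would read uninitialized memory here, which MSan reports. */
    printf("fixed, short input: %d\n", header_is_compressed(SAMPLE_MSG, 4));
    return 0;
}
```

Building with `clang -fsanitize=memory -g` and calling the buggy function on a truncated buffer produces a "use-of-uninitialized-value" report pointing at the `return` line, while the fixed version compiles and runs cleanly under the same flags.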

The next big paycheck was offered to Atte Kettunen of the Oulu University Secure Programming Group (OUSPG) and Collin Payne, who received $23,000 / €18,100 as an additional reward for working with the Google team during the development cycle to prevent other security bugs from reaching the stable release.

On the list of notable glitches rewarded by Google there are use-after-free bugs in Events, Rendering, DOM and Web Workers and a couple of out-of-bounds read errors in PDFium, Chrome’s PDF rendering engine.

Moreover, the developers managed to fix a permissions bypass flaw in Windows sandbox and an information leak in XSS Auditor.

It is worth noting that only one of the bounties paid was $500 / €395; the rest were $1,500 / €1,180 and up.

Browser switches to new release automatically

The latest Chrome browser release is available for all supported desktop platforms and is provided through the built-in automatic update mechanism. If the browser is not updated when launched, it should move to the next build after a restart.

Following this Chrome update, new versions for other web browsers relying on its engine should become available. Opera beta has already implemented the new code and pushed it to users.

Security fixes seem to be the largest chunk as far as the modifications in this release are concerned, but other changes are also present.