Chrome 67 Patches 34 Vulnerabilities
30.5.18 securityweek Vulnerebility
Google this week released Chrome 67 to the stable channel to provide various improvements, including patches for 34 vulnerabilities.
After introducing it in Chrome 63 in December, Google is now making Site Isolation available for more users. The functionality ensures that each opened website is rendered in a separate process, thus isolating it from the processes of other websites and delivering stronger security boundaries.
Chrome’s Site Isolation was also meant as a form of mitigation against the web-exploitable Spectre vulnerability affecting modern micro-processors. Since the beginning of the year, together with Meltdown, another CPU flaw, Spectre has fueled an industry-wide race to release patches and mitigations.
“We're continuing to roll out Site Isolation to a larger percentage of the stable population in Chrome 67. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre,” Google notes in a blog post.
Of the 34 security fixes delivered in the new browser release, 24 are for vulnerabilities reported by external researchers. These include 9 flaws rated High severity, 12 assessed with a Medium risk, and 3 considered Low severity.
The most important issues addressed in Chrome 67 include Use after free in Blink (CVE-18-6123), Type confusion in Blink (CVE-18-6124), Overly permissive policy in WebUSB (CVE-18-6125), Heap buffer overflow in Skia (CVE-18-6126), Use after free in indexedDB (CVE-18-6127), uXSS in Chrome on iOS (CVE-18-6128), Out of bounds memory access in WebRTC (CVE-18-6129 and CVE-18-6130), and Incorrect mutability protection in WebAssembly (CVE-18-6131).
The Medium severity bugs addressed in this release include Use of uninitialized memory in WebRTC, URL spoof in Omnibox, Referrer Policy bypass in Blink, UI spoofing in Blink, Out of bounds memory access in V8, Leak of visited status of page in Blink, Overly permissive policy in Extensions, Restrictions bypass in the debugger extension API, Heap buffer overflow in Skia, and Out of bounds memory access in V8.
Google also addressed Out of bounds memory access in PDFium, Incorrect escaping of MathML in Blink, and Password fields not taking advantage of OS protections in Views.
The search engine giant paid over $30,000 in bug bounties to the reporting security researchers. However, the company has yet to publish full details on the rewards.