Google Fixes 159 Flaws in Chrome

Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities.

The huge majority of those patches–113 of them–fix minor vulnerabilities in the browser, but Google also fixed several high-risk flaws and one critical bug that earned the researcher who reported it a reward of more than $27,000. That reward is for a combination of vulnerabilities in the V8 engine and IPC that can enable an attacker to escape the Chrome sandbox and execute arbitrary code. Researcher Juri Aedla received a reward of $27,633.70 for reporting that series of flaws to Google.

In all, Google awarded more than $52,000 in rewards to researchers who reported vulnerabilities fixed in this release. Among the vulnerabilities that Google patched are four use-after-free flaws rated as high risks. There are two other high-risk vulnerabilities, as well as four medium-rated ones and low-risk flaw. Here’s the full list of bugs fixed in Chrome 38:

[$27633.70][416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
[$3000][398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
[$3000][400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer.
[$3000][402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
[$2000][403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
[$1500][399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
[$1500][401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
[$4500][403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
[$3000][338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
[$1500][396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
[$1500][415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
[$500][395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.

Suggested articles


  • crackers on

    And since Apple's Safari shares the similar Webkit code base, assume many of those patches (or even more) to arrive for Safari next,. Apple relies heavily upon Google and researchers to find bugs and doesn't offer any rewards for doing so. Apple is also quite slow, it will be likely several months before the patches arrive, giving hackers a excellent opportunity.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.