Google Fixes Sandbox Escape in Chrome

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.

That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated high risk, and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities to the company. Among the other serious vulnerabilities are cross-origin bypasses and three use-after-free vulnerabilities.

Google has not yet released the details of the vulnerabilities, so the nature and location of the sandbox-escape bug aren’t clear. The company waits until most users have updated to the new version before releasing complete details of the vulnerabilities.

Here are the public bugs fixed in Chrome 43:

[$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.

[$7500][464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.

[$3000][444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.

[$3000][473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.

[$2000][478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.

[481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP’s Zero Day Initiative.

[$1500][468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.

[$1000][450939] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer.

[$1000][468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG.

[$1000][474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.

[$500][466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.

[$500][476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.

[$500][479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.

[$500][481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
