A new version of Google Chrome is available, and it contains patches for 43 security vulnerabilities, many of them in the high-risk category.
Two of the more serious vulnerabilities fixed in Chrome 44 are a pair of universal cross-site scripting bugs. One of the flaws is in Blink, the Web layout engine in Chrome. The other one is in Chrome for Android. Universal XSS vulnerabilities let attackers exploit XSS bugs in the browser itself rather than in individual sites. Each of those vulnerabilities earned the researchers who reported them a $7,500 bug bounty from Google.
As part of that bounty program, Google paid out roughly $40,000 to external researchers who reported vulnerabilities to the company. Among the other vulnerabilities patched in this release are three heap buffer overflows in PDFium, the PDF rendering engine in Chrome. A number of use-after-free bugs in various components are also patched in Chrome 44.
Here’s the list of vulnerabilities reported by external researchers:
[$3000] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
[$2000] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
[$1337] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
[$1000] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
[$500] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to firstname.lastname@example.org.