Google Plugs ‘High Risk’ Chrome Holes, Adds PDF Viewer in Sandbox

Google has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.

The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.

Chrome patchGoogle has shipped a new version of its Chrome web browser to fix at least 14 security vulnerabilities that expose users to malicious hacker attacks.

The Chrome 8.0.552.215 update also include a new built-in PDF viewer that is secured in Chrome’s sandbox, according to a brief note posted by Google’s Jason Kersey.

Five of the 14 security flaws carry a “high-risk” rating. Details on the security vulnerabilities.

  • [17655] Possible pop-up blocker bypass. Low Risk.
  • [55745] Cross-origin video theft with canvas. Discovered and reported by Microsoft Vulnerability Research (MSVR). Medium Risk.
  • [56237] Browser crash with HTML5 databases. Low Risk.
  • [58319] Prevent excessive file dialogs, possibly leading to browser crash. Low Risk.
  • [59554] Use-after-free vulnerability in history handling. High Risk.
    [Linux / Mac]
  • [59817] Make sure the “dangerous file types” list is up to date with the Windows platforms. Medium Risk.
  • [61701] Browser crash with HTTP proxy authentication. Low Risk.
  • [61653] Out-of-bounds read regression in WebM video support. Medium Risk.
  • [62127] Crash due to bad indexing with malformed video. High Risk.
  • [62168] Possible browser memory corruption via malicious privileged extension. Medium Risk.
    [62401] Use-after-free vulnerability with SVG animations. High Risk.
  • [63051] Use-after-free vulerability in mouse dragging event handling. High Risk.
  • [63444] Double-free vulnerability in XPath handling. High Risk.

As part of its ongoing bug-bounty program, Google shelled out $4,000 to purchase vulnerability data from the security research community.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.