Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month.
When the POODLE attack was disclosed by several Google researchers in October, the company said that it had added a change to Chrome that would disable SSLv3 fallback. The technique involves an attacker to force a server to fall back from a modern version of SSL/TLS to the older SSLv3 and then decrypt the protected traffic by sending a high volume of requests to the server. The company plans to disable support for SSLv3 altogether at some point in the near future.
A little further down the line, perhaps in about three months, we hope to disable SSLv3 completely. The changes that I’ve just landed in Chrome only disable fallback to SSLv3 – a server that correctly negotiates SSLv3 can still use it. Disabling SSLv3 completely will break even more than just disabling the fallback but SSLv3 is now completely broken with CBC-mode ciphers and the only other option is RC4, which is hardly that attractive. Any servers depending on SSLv3 are thus on notice that they need to address that now,” Adam Langley of Google wrote in October.
Among the fixes in Chrome 39 are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows. Google paid out $25,000 in rewards to researchers who reported vulnerabilities fixed in the new release. In addition, the company paid out $16,500 in additional rewards to researchers who found bugs during the development cycle.
The full list of patches in Chrome 39:
[$1500] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
[$1000] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
[$1000] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
[$3000] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
[$2000] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
[$2000] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
[$500] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$7500] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
[$5000] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$500] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
[$500] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.