Google Fixes Sandbox Escape in Chrome

[Tony Cole]

Content source

https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.

That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities to the company. Among the other serious vulnerabilities are cross-origin bypasses and three use-after-free vulnerabilities.

Google has not yet released the details of the vulnerabilities, so the nature and location of the sandbox-escape bug aren’t clear. The company waits until most users have updated to the new version before releasing complete details of the vulnerabilities.

Here are the public bugs fixed in Chrome 43:

[$16337][474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.

[$7500][464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.

[$3000][444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net.

[$3000][473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.

[$2000][478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.

[481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP’s Zero Day Initiative

[$1500][468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.

[$1000][450939] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer

[$1000][468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG

[$1000][474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.

[$500][466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.

[$500][476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.

[$500][479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.

[$500][481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.

- See more at: https://threatpost.com/google-fixes-sandbox-escape-in-chrome/112899#sthash.tz7JPcIo.dpuf

 

[Terry Ganzi]

Good job with that news,I would err on the side of caution with browsers that have no such fixes in between major releases.

 

[OokamiCreed]

Makes sense to wait until most update to avoid the possibility of hackers exploiting those vulnerabilities. Wonder when Slimjet will update to the latest version. As of now (according to change logs) they are still using version 42. Thanks for the post @Tony Cole

 

[WinXPert]

good thing I'm a Firefox user since version 3

 

[Nightwalker]

Good job with that news,I would err on the side of caution with browsers that have no such fixes in between major releases.

Exactly, Chrome is the safest browser by far (Agressive Bug Bounty, Sandbox, Automatic Updates).
No news isnt good news when we are talking about vulnerabilities ...

 

[jamescv7]

Its better that was already discovered and fixed rather than nothing, a program must rely on the process of improvements continuously no matter how stable it is.

The conclusion for this, Chrome has a possibility to discover fewer vulnerabilities due to the facts its actively developing and report many incidents like IE does.

 

[Tony Cole]

I wish I knew how to find vulnerabiities, Google pay loads to those who do. May be we could all put our heads together and find one massive vulnerability in Chrome, Google are so impressed they offer us all a six figure sum of cash!