Patch/Configuration Management, Vulnerability Management

Chrome 39 contains 42 security fixes, fallback to SSL 3.0 removed


Google Chrome 39, which was promoted to the stable channel for Windows, Mac and Linux on Tuesday, contains 42 security fixes.

A researcher identified as ‘biloulehibou' earned $7,500 for discovering a double-free vulnerability in Flash, Chen Zhang of the NSFOCUS Security Team earned $5,000 for uncovering a use-after-free bug in Blink, and a researcher known as ‘cloudfuzzer' earned $3,000 for identifying a buffer overflow flaw in PDFium, according to a Tuesday post.

Fallback to SSL 3.0 has been removed in Chrome 39, according to a Tuesday tweet by Adam Langley, senior staff software engineer at Google, who wrote in late October that SSL 3.0 will be disabled completely in Chrome 40.

In October, Google researchers uncovered a vulnerability in SSL 3.0 – known as POODLE – that could enable an attacker to intercept plaintext data from secure connections.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.