Chrome 44 promoted to stable channel, includes 43 security fixes


The Google Chrome team promoted Chrome 44 to the stable channel for Windows, Mac and Linux on Tuesday – the update comes with 43 security fixes, several of which are for high severity vulnerabilities.

According to a blog post, two researchers each earned $7,500 for reporting critical bugs – a UXSS in Chrome for Android, and a UXSS in Blink. Separately, one researcher earned $5,500 for identifying a heap-buffer-overflow in PDFium, and another earned $5,000 for discovering a memory corruption in Skia.

Other high severity vulnerabilities that were fixed include a use-after-free in IndexedDB, a CSP bypass, and a use-after-free in Blink, the blog post noted. An issue where settings allowed executable files to run immediately after download was also addressed.

Among the medium severity vulnerabilities that were fixed are an information leak in XSS auditor, and an uninitialized memory read in ICU.
