Patch/Configuration Management, Vulnerability Management

Google releases Chrome update

Google updated its Chrome browser's stable channel to 43.0.2357.1430 for Windows, Mac and Linux on Monday.

The update addresses multiple vulnerabilities, and the company's security team highlighted four of those patches in its blog post. Outside researchers discovered the bugs, two of which were deemed "high" severity.

CVE-2015-1266, for example, pertained to a scheme validation error in WebUI. The other high severity bug, CVE-2015-1268, is a cross-origin bypass in Blink. The validation error discovery netted an anonymous researcher $5,000.

Another cross-origin bypass in Blink was found, CVE-2015-1267, although that vulnerability was considered ‘medium' severity.

A final bug, CVE-2015-1269, demonstrated a normalization error in the HSTS/HPKP preload list.

Google does not provide further details on vulnerabilities until a majority of users are updated with a fix. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.