Google on Tuesday released version 67.0.3396.62 of the Chrome operating system for Windows, Mac and Linux to its stable channel, in the process solving 24 vulnerabilities and introducing its "Site Isolation" security feature to additional users.
Meanwhile, a security researcher separately reported that Google last March patched its reCAPTCHA authentication mechanism for web application developers, in order to fix a security bypass bug he discovered.
Of the two dozen flaws fixed by the new Chrome update, nine were rated high in severity. These included a use-after-free (CVE-2018-6123) and type confusion (CVE-2018-6124) in Blink, an overly permissive policy in WebUSB (CVE-2018-6125), a heap buffer overflow in Skia (CVE-2018-6126), a use-after-free in indexedDB (CVE-2018-6127), a universal cross-site scripting in Chrome (CVE-2018-6128), two out-of-bounds memory issues in WebRTC (CVE-2018-6129 and CVE-2018-6130), and incorrect mutability protection in WebAssembly (CVE-2018-6131).
The new Chrome version will also introduce more individuals to Site Isolation, a security feature that makes it more difficult for malicious websites to bypass Same Origin Policy protections in order to access or steal information from user accounts on other websites. In its Chrome Releases blog, Google notes that Site Isolation will defend against exploits of the Spectre side-channel vulnerabilities.
The reCAPTCHA bug and subsequent patch was detailed in a blog post by the man who discovered it last January, researcher Andres Riancho, founder of Bonsai Information Security and w3af, an open-source web application attack and audit framework.
According to Riancho, the vulnerability can be exploited only if a web application "was vulnerable to HTTP parameter pollution and the URL was constructed by appending the response parameter before the secret.” Riancho determined that only around three percent of sites using reCAPTCHA were at risk, but it was reportedly enough to convince Google to fix the issue in its REST API and reward Riancho with a $500 bug bounty.