Patch/Configuration Management, Vulnerability Management

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.

The critical vulnerability (CVE-2017-15407) was an out of bounds write in QUIC (Quick UDP Internet Connections), which was reported by Ned Williamson on October 26 earning him $10,500.

The six patched vulnerabilities that are rated high (CVE-2017-15408, CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15412 and CVE-2017-15413) cover three specific problems, heap buffer overflow in PDFium, out of bounds write in Skia and use after free in libXML. These were all reported in September and October and earned the bug bounty hunters between $5,000 and $6,337 for their effort.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.