Categories
News

Google Removes SSLv3 Fallback Support From Chrome

Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3.

Among the fixes in Google Chrome version 39 are a number of patches for high-risk vulnerabilities, including several buffer overflows, use-after-frees and integer overflows.

Highlight fixes below:

Please see the Chromium security page for more information.

[$500][389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
[$1500][406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
[$1000][413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
[$1000][414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
[$3000][414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
[$2000][418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
[$2000][421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
[$500][423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$7500][423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
[$5000][424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
[$500][425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
[$500][391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.

Source: Chrome Release Dev Channel Blog 

Leave a Reply

Your email address will not be published. Required fields are marked *