Latest Security Updates for Google Chrome

Google recently released a large series of patches and bug fixes for their popular Chrome web browser.  Chrome 44 includes patches for 43 security issues so I suggest you update right away.  The new Chrome version 44.0.2403.89 is available for Windows, Mac, and Linux.  There are a lot of patches in the update and several of them will help protect users against critical security flaws that either Google or an outside researcher found through their bug bounty program.  You will want to update to Chrome 44 asap.

Chrome

Here is a full list of fixes included in the Chrome 44 release:

  • High CVE-2015-1271: Heap-buffer-overflow in pdfium.
  • High CVE-2015-1273: Heap-buffer-overflow in pdfium.
  • High CVE-2015-1274: Settings allowed executable files to run immediately after download.
  • High CVE-2015-1275: UXSS in Chrome for Android.
  • High CVE-2015-1276: Use-after-free in IndexedDB.
  • High CVE-2015-1279: Heap-buffer-overflow in pdfium.
  • High CVE-2015-1280: Memory corruption in skia.
  • High CVE-2015-1281: CSP bypass
  • High CVE-2015-1282: Use-after-free in pdfium.
  • High CVE-2015-1283: Heap-buffer-overflow in expat.
  • High CVE-2015-1284: Use-after-free in blink.
  • High CVE-2015-1286: UXSS in blink.
  • Medium CVE-2015-1287: SOP bypass with CSS.
  • Medium CVE-2015-1270: Uninitialized memory read in ICU
  • Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination.
  • Medium CVE-2015-1277: Use-after-free in accessibility.
  • Medium CVE-2015-1278: URL spoofing using pdf files.
  • Medium CVE-2015-1285: Information leak in XSS auditor.
  • Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP.

It is great to see so many talented security researchers getting involved with Google’s bug bounty program.  If you visit the link above for the list of fixes it also credits the individual or team that submitted the issue and shows the bounty paid for each security bug that was fixed in the release.  Google mentions that the details of the bugs may be restricted until a majority of users implement the fix.  That is a very responsible way to balance our need for information with the security risk for those who haven’t updated to the latest version of Chrome yet.