
Google pays $65,000 to fix 23 Google Chrome problems – spoiler, memory usage is not one of them

30/05/2016

When it comes to Google Chrome, opinions are divided. Some call it the devil on earth, others the second coming of HTML, depending on which incidents have played out in front of the user.

What is certain is that Google's browser is teeming with bugs and vulnerabilities, with hundreds upon hundreds of such problems discovered month after month. Probably for this reason it is advisable to keep your browser updated, especially since the giant has announced a patch for 42 vulnerabilities, 23 of which were discovered and fixed by researchers outside the company, costing Google $65,000.

[$7500][590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.

[$7500][597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.

[$7500][598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.

[$7500][600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.

[$7500][604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.

[$4000][602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.

[$3500][595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler.

[$3500][606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.

[$3000][589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.

[$3000][613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.

[$1000][579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime.

[$1000][583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.

[$1000][583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.

[$1000][601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.

[$1000][603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.

[$1000][603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.

[$1000][604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.

[$1000][606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.

[$1000][608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.

[$500][597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.

[$500][598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.

[$500][598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani.

[$500][603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan.

The patches for issues reported by external researchers cover nine high-severity vulnerabilities, 10 of medium severity and four of low severity.

Half of the payouts went to the prolific Polish hacker Mariusz Mlynski, who earned $30,000 for reporting four ways of bypassing Google Chrome's cross-origin policy.

Researchers Rob Wu and Guang Gong took the other two top prizes in the patching effort, earning $7,500 and $4,000 respectively, for one more cross-origin policy bypass and a type confusion vulnerability.

Wu also collected additional rewards for medium- and low-severity vulnerabilities, netting a further $4,500.

"We would like to thank all the researchers who worked with us during the development cycle to prevent security holes from reaching the stable channel release," remarked Google test engineer Krishna Govind.

"Many of the security vulnerabilities are identified using AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer."

[Google]
