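Google has released Chrome 35 for all platforms. In addition to new features and improvements, this release fixes 23 security vulnerabilities. The most important of them include: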
- CVE-2014-1743: high-severity use-after-free issue affecting styles. The bug has been reported by cloudfuzzer and rewarded with $3,000;
- CVE-2014-1744: high-severity integer overflow impacting audio. Aaron Staple has been rewarded with $3,000 for reporting the vulnerability;
- CVE-2014-1745: high-severity use-after-free in SVG reported by Atte Kettunen of OUSPG. The reward for this flaw is $1,000;
- CVE-2014-1746: medium-severity out-of-bounds read affecting media filters. Holger Fuhrmannek has been credited for this vulnerability and rewarded with $1,000;
- CVE-2014-1747: medium-severity universal cross-site scripting (UXSS) with local MHTML file. Reported by packagesu and rewarded with $1,000;
- CVE-2014-1748: medium-severity UI spoofing with scrollbar. Jordan Milne has been rewarded with $500 for disclosing the issue.
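In addition, Google's own security team found an integer overflow issue affecting the V8 engine (CVE-2014-3152), as well as vulnerabilities found through internal audits (CVE-2014-1749). The V8 engine vulnerability has been fixed in version 3.25.28.16.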
Project home page: http://googlechromereleases.blogspot.ro/2014/05/stable-channel-update_20.html
Download: https://www.google.com/chrome/browser/index.html#eula
Source: 开源中国社区 (Open Source China community)