Thursday, December 5, 2024
HomeHacksGoogle Fixes 26 High-Severity Flaws In Chrome Browser - Google Paid 70000$...

Google Fixes 26 High-Severity Flaws In Chrome Browser – Google Paid 70000$ to External Researchers

Published on

SIEM as a Service

Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems.

The United States Computer Emergency Readiness Team (US-CERT) issued an alert around the Chrome update on Thursday in conjunction with Google, detailing a list of 26 bug bounty payments totaling $70,000 paid to external researchers. According to Google, another 10 security fixes were tackled by Google itself.

Topping the list of vulnerabilities are a dozen “high” severity issues. Five of the flaws are tied to universal cross-site scripting vulnerabilities in Chrome’s Blink component, a web browser engine developed as part of the open-source web browser project Chromium Project.

- Advertisement - SIEM as a Service

Four other high-severity vulnerabilities are tied to Google’s problem-plagued Chrome default PDF viewer, called PDFium.

The flaw, described by Google in June, had put users at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 image within the default PDF viewer. Google did not disclose specifics of this most recent PDFium vulnerability in Thursday’s update.

Security researcher Mariusz Mlynski earned $22,500 for finding three of the high-severity bugs tied to cross site scripting errors in Blink. The Polish researcher found similar flaws in May, earning him $15,000.

Two more high-severity vulnerabilities are tied to Chrome’s V8 JavaScript engine. One of the flaws is described as a “private property access in V8” vulnerability.

The other V8 issue is a use after free vulnerability in V8. There were nine reported medium-severity flaws, two of which are related to Chrome’s Omnibox (address bar) which hackers in the past have been able to use to spoof addresses.

This update includes 26 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$N/A][664411] High CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360

[$7500][658535] High CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski

[$7500][655904] High CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski

[$7500][653749] High CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)

[$7500][646610] High CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous

[$7500][630870] High CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski

[$5000][664139] High CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN

[$3000][644219] High CVE-2016-5203: Use after free in PDFium. Credit to Anonymous

[$3500][654183] High CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB

[$3000][653134] High CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani

[$3000][649229] High CVE-2016-5211: Use after free in PDFium. Credit to Anonymous

[$500][652548] High CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani

[$N/A][601538] Medium CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR

[$3000][653090] Medium CVE-2016-5216: Use after free in PDFium. Credit to Anonymous

[$3000][619463] Medium CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang

[$2500][654280] Medium CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu
(robwu.nl)

[$2000][660498] Medium CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi
(@qab)

[$1500][657568] Medium CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)

[$1000][660854] Medium CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure

[$1000][654279] Medium CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)

[$500][657720] Medium CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent’s Xuanwu Lab

[$N/A][653034] Low CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek

[$N/A][652038] Low CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee [$N/A][639750] Low

CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)

[$N/A][630332] Low CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)

[$N/A][615851] Low CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak

Google also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

 
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against...

Mobile Device Management Vendor Mobile Guardian Hacked

 Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...