Google Chrome fixes 30 vulnerabilities

Google Chrome has released patches for 30 vulnerabilities, available through the Stable Channel Update for Windows, Mac and Linux.

Five of the vulnerabilities are rated "high rate flaws". In its announcement, the company thanks the external researchers who found and reported several of the vulnerabilities listed:

  • [$7500][722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
  • [$3000][715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
  • [$3000][709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
  • [$2000][716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
  • [$1000][700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
  • [$2000][678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
  • [$1000][722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
  • [$1000][719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
  • [$1000][716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
  • [$1000][711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
  • [$500][713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
  • [$500][708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
  • [$N/A][672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
  • [$N/A][721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
  • [$N/A][714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
  • [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15

The company advises users and administrators to update affected systems as soon as possible, and notes that many of its vulnerabilities can be detected by users employing AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer.
