Changes in the program:
Stable Channel Update, Wednesday, March 2, 2016
• Chrome 49.0.2623.75 contains a number of fixes and improvements. This update includes 26 security fixes.
- [$8000][560011] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.
- [$7500][569496] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
- [$5000][549986] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
- [$3000][572537] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
- [$3000][559292] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
- [$2000][585268] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
- [$2000][584155] High CVE-2016-1636: SRI Validation Bypass. Credit to ryan@cyph.com.
- [$500][560291] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.
- [$2000][555544] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
- [$1000][585282] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
- [$1000][572224] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
- [$1000][550047] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.
- [$500][583718] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
• As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [591402] CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26).
Stable Channel Update: Chrome 49.0.2623.75