今回のバージョンアップでは、アプリや拡張機能向けのAPIが拡充され、安定性とパフォーマンスに関わる改善が行われています。
43件の脆弱性が修正されており、外部からの報告によるセキュリテ修正の深刻度の内訳は、4段階中上から2番目の“High”が12件、上から3番目の“Medium”が6件、最低の“Low”が1件となっています。
[$3000][446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
[$3000][459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
[$TBD][461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.
[$7500][462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
[$TBD][472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
[$5500][483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
[$5000][486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
[$1000][487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
[$TBD][487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
[$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
[$2000][493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
[$7500][504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
[$1337][419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
[$1000][444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
[$500][451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
[479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
[$500][482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
[$1337][498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
[$500][479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com.
▶︎ Chrome ブラウザ
▶︎ Chrome Releases: Stable Channel Update
0 件のコメント :
コメントを投稿