Google Chrome 71 veröffentlicht

Gestern hat Google seinen Chrome auf die Version 71 geupdatet. Genauer gesagt ist es die Version 71.0.3578.80.

Der Intigrierte AdBlocker wurde optimiert. Seiten die den Standard „Coalition of Better Ads“ nicht haben, werden im Chrome nun direkt gesperrt.

Desweiteren wurden 43 zum Teil sehr wichtige Sicherheitslücken beseitigt.

  • [$N/A][905940] High CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup on 2018-11-16
  • [$6000][901654] High CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous on 2018-11-04
  • [$5000][895362] High CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous on 2018-10-15
  • [$5000][898531] High CVE-2018-18336: Use after free in PDFium. Reported by Huyna at Viettel Cyber Security on 2018-10-24
  • [$3000][886753] High CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer on 2018-09-19
  • [$3000][890576] High CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-09-29
  • [$3000][891187] High CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer on 2018-10-02
  • [$3000][896736] High CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous on 2018-10-18
  • [$3000][901030] High CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer on 2018-11-01
  • [$3000][906313] High CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-11-17
  • [$1000][882423] High CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-10
  • [$TBD][866426] High CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn of Google Project Zero on 2018-07-23
  • [$TBD][900910] High To be allocated: Multiple issues in SQLite via WebSQL. Reported by Wenxiang Qian of Tencent Blade Team on 2018-11-01
  • [$8000][886976] Medium CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu (@shhnjk) on 2018-09-19
  • [$2000][606104] Medium CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera (@lbherrera_) on 2016-04-23
  • [$2000][850824] Medium CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-06-08
  • [$2000][881659] Medium CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky (@0xsobky) on 2018-09-07
  • [$2000][894399] Medium CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg on 2018-10-11
  • [$1000][799747] Medium CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu (@shhnjk) on 2018-01-06
  • [$1000][833847] Medium CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu (@shhnjk) on 2018-04-17
  • [$1000][849942] Medium CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu (@shhnjk) on 2018-06-06
  • [$1000][884179] Medium CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-14
  • [$1000][889459] Medium CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-26
  • [$500][896717] Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
  • [$TBD][883666] Medium CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
  • [$TBD][895207] Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-15
  • [$TBD][899126] Medium CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn of Google Project Zero on 2018-10-26
  • [$TBD][907714] Medium CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu of Tencent Zhanlu Lab on 2018-11-22
  • [$500][851821] Low To be allocated: Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed on 2018-06-12
  • [$500][856135] Low To be allocated: Use after free in Extensions. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-06-25
  • [$500][879965] Low To be allocated: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-09-03
  • [$500][882270] Low To be allocated: Inappropriate implementation in Navigation. Reported by Jesper van den Ende on 2018-09-09
  • [$500][890558] Low To be allocated: Insufficient policy enforcement in Navigation. Reported by Ryan Pickren (ryanpickren.com) on 2018-09-29
  • [$TBD][895885] Low To be allocated: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-16

Und zu guter letzt wird noch folgende Sicherheitslücke erwähnt, die schon im Chrome 69 gefixt wurde.

  • [$3000][853937] Medium To be allocated: Insufficient policy enforcement in Payments. Reported by Jun Kokatsu (@shhnjk) on 2018-06-18

Quelle: Googleblog

Der Beta Kevin

Ich bin der Beta Kevin, der Gründer der Homepage und Mitgründer von BetaBytes. Damals hatte ich die Vorstellung, mit YouTube berühmt zu werden, aber dies war nur so ein Jugendtraum. Dann habe ich mich hingesetzt und eine Homepage gebastelt (www.derbetakevin.com), die nach und nach aufwind bekam. Als ich mich dann mit Jerry zusammen getan habe, wurde aus “derbetakevin.com” “betabytes.net”. Weiterhin bin ich auch noch Moderator bei Radio-mXm.de und mache meine Ausbildung als Verwaltungsfachangestellter.

Kommentar verfassen