Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Google Fixes Handful of vulnerabilities in Chrome

Google Fixes Handful of vulnerabilities in Chrome


Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error. The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on four of them. One of the vulnerabilities, the scheme-validation error, earned the researcher who reported it to Google a $5,000 bug bounty. The lists of patched vulnerabilities include:
 
·         High CVE-2015-1266: Scheme validation error in WebUI
·         High CVE-2015-1268: Cross-origin bypass in Blink
·         Medium CVE-2015-1267: Cross-origin bypass in Blink
·         Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list
 
Google maintains a release schedule for Chrome that enables the company to patch the vulnerabilities.
 
Read More:
 
Source:
 
Threat Post
 
Digital Era
 
Team Cymru
 
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis