Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 43 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$N/A][905940] High CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup on 2018-11-16
[$6000][901654] High CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous on 2018-11-04
[$5000][895362] High CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous on 2018-10-15
[$5000][898531] High CVE-2018-18336: Use after free in PDFium. Reported by Huyna at Viettel Cyber Security on 2018-10-24
[$3000][886753] High CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer on 2018-09-19
[$3000][890576] High CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin (金哲), Luyao Liu (刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-09-29
[$3000][891187] High CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer on 2018-10-02
[$3000][896736] High CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous on 2018-10-18
[$3000][901030] High CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer on 2018-11-01
[$3000][906313] High CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-11-17
[$1000][882423] High CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-10
[$N/A][866426] High CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn of Google Project Zero on 2018-07-23
[$10337][900910] High To be allocated: Multiple issues in SQLite via WebSQL. Reported by Wenxiang Qian of Tencent Blade Team on 2018-11-01
[$8000][886976] Medium CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu (@shhnjk) on 2018-09-19
[$2000][606104] Medium CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera (@lbherrera_) on 2016-04-23
[$2000][850824] Medium CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-06-08
[$2000][881659] Medium CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky (@0xsobky) on 2018-09-07
[$2000][894399] Medium CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg on 2018-10-11
[$1000][799747] Medium CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu (@shhnjk) on 2018-01-06
[$1000][833847] Medium CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu (@shhnjk) on 2018-04-17
[$1000][849942] Medium CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu (@shhnjk) on 2018-06-06
[$1000][884179] Medium CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-14
[$1000][889459] Medium CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab on 2018-09-26
[$500][896717] Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
[$N/A][883666] Medium CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
[$N/A][895207] Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-15
[$N/A][899126] Medium CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn of Google Project Zero on 2018-10-26
[$1000][907714] Medium CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu of Tencent Zhanlu Lab on 2018-11-22
[$500][851821] Low CVE-2018-20065: Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed on 2018-06-12
[$500][856135] Low CVE-2018-20066: Use after free in Extensions. Reported by Zhe Jin (金哲), Luyao Liu (刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-06-25
[$500][879965] Low CVE-2018-20067: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) on 2018-09-03
[$500][882270] Low CVE-2018-20068: Inappropriate implementation in Navigation. Reported by Jesper van den Ende on 2018-09-09
[$500][890558] Low CVE-2018-20069: Insufficient policy enforcement in Navigation. Reported by Ryan Pickren (ryanpickren.com) on 2018-09-29
[$N/A][895885] Low CVE-2018-20070: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 of Bilibili Security Team on 2018-10-16
This bug was fixed in Chrome 69, but was incorrectly omitted from the release notes at the time:
[$3000][853937] Medium CVE-2018-20071: Insufficient policy enforcement in Payments. Reported by Jun Kokatsu (@shhnjk) on 2018-06-18
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [911706] Various fixes from internal audits, fuzzing and other initiatives
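As an added example (this is not code from the Chrome team or from the release post), the Python below parses entries in the format used above, so a list like this can be pulled into a patch-tracking ticket or checked programmatically instead of by eye. The sample lines are copied from the list above; the set of title prefixes treated as memory-safety bugs and the "High plus memory corruption" prioritisation rule are this example's own assumptions, not Chrome's.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the Chrome 71 fix list above, plus one
# prose line to show that non-entry lines are skipped rather than misparsed.
SAMPLE_NOTES = """\
[$N/A][905940] High CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 via Tianfu Cup on 2018-11-16
[$6000][901654] High CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous on 2018-11-04
[$10337][900910] High To be allocated: Multiple issues in SQLite via WebSQL. Reported by Wenxiang Qian of Tencent Blade Team on 2018-11-01
[$8000][886976] Medium CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu (@shhnjk) on 2018-09-19
[$500][851821] Low CVE-2018-20065: Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed on 2018-06-12
[$N/A][883666] Medium CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung (@hungtt28) of Viettel Cyber Security on 2018-09-13
This bug was fixed in Chrome 69, but was incorrectly omitted from the release notes at the time:
"""

# One entry per line: [$reward][bug] Severity CVE-or-placeholder: title. Reported by who on date
LINE_RE = re.compile(
    r"^\[\$(?P<reward>N/A|\d+)\]\[(?P<bug>\d+)\] "
    r"(?P<severity>Critical|High|Medium|Low) "
    r"(?P<cve>CVE-\d{4}-\d{4,}|To be allocated): "
    r"(?P<title>.+?)\. Reported by (?P<reporter>.+?) on (?P<date>\d{4}-\d{2}-\d{2})$"
)

# Assumption of this example: title prefixes that denote memory corruption, i.e. the
# bug classes an exploit chain typically needs (the rest are logic or UI issues).
MEMORY_SAFETY_PREFIXES = (
    "use after free", "heap buffer overflow", "stack buffer overflow",
    "out of bounds", "integer overflow", "type confusion",
)


@dataclass(frozen=True)
class Fix:
    bug: int
    severity: str
    cve: Optional[str]     # None while the notes still say "To be allocated"
    title: str
    component: str
    reward: Optional[int]  # None for "$N/A" (no bounty paid), distinct from $0
    reporter: str
    date: str

    @property
    def memory_safety(self) -> bool:
        return self.title.lower().startswith(MEMORY_SAFETY_PREFIXES)


def parse_fix(line: str) -> Optional[Fix]:
    """Parse one release-notes line; return None for prose lines between entries."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    title = m["title"]
    # "Heap buffer overflow in Canvas" -> "Canvas"; split on the last " in " so that
    # "Multiple issues in SQLite via WebSQL" keeps "SQLite via WebSQL" whole.
    component = title.rsplit(" in ", 1)[1] if " in " in title else ""
    return Fix(
        bug=int(m["bug"]),
        severity=m["severity"],
        cve=None if m["cve"] == "To be allocated" else m["cve"],
        title=title,
        component=component,
        reward=None if m["reward"] == "N/A" else int(m["reward"]),
        reporter=m["reporter"],
        date=m["date"],
    )


def parse_notes(text: str) -> List[Fix]:
    return [f for f in (parse_fix(line) for line in text.splitlines()) if f is not None]


def summarize(fixes: List[Fix]) -> Dict[str, object]:
    return {
        "by_severity": dict(Counter(f.severity for f in fixes)),
        "by_component": dict(Counter(f.component for f in fixes)),
        "memory_safety": sum(1 for f in fixes if f.memory_safety),
        "unallocated_cves": [f.bug for f in fixes if f.cve is None],
        "total_reward_usd": sum(f.reward or 0 for f in fixes),
    }


def high_memory_safety(fixes: List[Fix]) -> List[str]:
    """Entries to put at the top of a patch ticket: High severity and memory corruption.
    Falls back to the crbug id when no CVE has been allocated yet."""
    return [f.cve or f"crbug:{f.bug}" for f in fixes
            if f.severity == "High" and f.memory_safety]


if __name__ == "__main__":
    parsed = parse_notes(SAMPLE_NOTES)
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
    print("prioritise:", high_memory_safety(parsed))
```

The parser deliberately keeps "To be allocated" as `cve=None` rather than guessing an identifier, and "$N/A" as `reward=None`, so downstream tooling can tell an entry that is still waiting for a CVE (or was reported without a bounty) from one with a real value.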
34 comments:
+1
I really don't get why nearly all IT companies enjoy forcing on their users something they so clearly don't want.
Where's the problem in leaving a choice? Like in Chrome 69 and 70, where we could use that flag to retain the old design?
Dear Google, dear IT companies: if you want to push out new features and designs, leave us users a choice and CONVINCE us of the benefits.
If you FORCE us users instead, you'll get at least some revolt. Rightfully so.
Update Chrome OS Dev channel. It's unusable right now. Constant crashing when enabling Google Assistant.
We really want the classic design back... Give us the OPTION to use the flags again to use the classic design, please.
The ability to call someone using Hangouts is broken now. Can't place calls. Can't give access to my microphone. Just a blank pop-up comes up.
The horrendous top bar is a deal-breaker; downgrading for now. If they don't give a classic option, I'll ditch Chrome.
I absolutely despise this new UI that's being forced on us.
Give the flag back, please.
Given this day and age you should give users the option to customize their own UI, but whatever.
It's not stable, cannot detect the camera.
The new forced tab UI design is so cluttered.
I like the old style where you could see the color of the bar behind the tabs. And the index card look is much more clear visually than this new style.
Sadly now I can't even change it.
Hi
Sorry for my bad English:
Latest Chrome stable.
The "fullscreen" button does not work.
Link:
https://index.indavideo.hu/video/index_tamogatas_nincs_masik_onodi_eszter
Bring back the old tab style. The new design is disgusting. What were you devs thinking? I'm definitely dropping the Chrome browser if the old tab style is not returned.
Update 71.0.3578.80 has now given us an ERR_TUNNEL_CONNECTION error, and we can't use the browser anymore. No solutions have been found yet for this.
Mastowns@, could you please report a bug at crbug.com and provide all details there?
Google restore the old look of the cards.
The space between the icons on the bookmarks bar is too large.
Major Google fan, even have a Pixel phone, but I hate the new UI and now it's forced on me.... Downloading Firefox.
Love the new UI design. Here to commend you on it. Thanks for all the hard work!
Could not disable top-chrome-md in 71.0.3578.80
The new top-chrome-md is REALLY UGLY!!
When updating the component "Origin Trials", it keeps on giving: error updating.
What does that mean?
If you face any issues, remember to file a bug report at
https://bugs.chromium.org/p/chromium/issues/list
No longer able to mute volume on individual tabs. Once again, "improvements" result in a step backwards.
The new Chrome is a terrible update. In previous updates you were capable of changing the UI layout back to "normal" through chrome://flags/. As of now you are incapable, and Chrome looks horrendous. My two cents, sorry.
Amazon Prime no longer streams for me starting today with this new version. This problem was not there 12/6 and just showed up now. Firefox works.
Material Design 2 is officially being forced.
The worst is removing the #top-chrome-md flag; as mentioned above, this is horrible for those who use many tabs.
Continuing with version 70.0.3538.110 with updates disabled; it's time to start testing new browsers.
Bub47@, could you please report a bug at crbug for the issue you're seeing with Amazon Prime? Please provide all details in the bug. Thank you.
Please let me know where the "Ephemeral Flash Permission" is, which enables the Flash plugin. Or at least suggest a workaround to keep Flash enabled at all times.
Great. I just finished changing every onMouseOver event in TR tags because onMouseOver="bgColor='#DDDDDD'" doesn't work right anymore. Yeah, I know that is a crappy unsupported idiom left over from NN4, and easily fixed (and made better) with CSS, but jeez, that was embarrassing. Old 2005 code is a time bomb, ew.
Where is our Ephemeral Flash Permission?
The most useful thing ever and you just removed it?
We do need to enable Flash whenever we want to.
WTF are you doing now, Google?!
Same problem as @edwardr74. The Hangouts extension is no longer working. I get a blank pop-up when asked to give Hangouts permission to use my mic.
So you guys are now fecking forcing the UI update when the Mac fullscreen bug hasn't been fixed. Well, I'm downgrading at this point. Feck off with your forced shit.
Can't use WebRTC sessions on the new version...
Please give us the option to revert to the classic design. Re-enable the Normal option of the #top-chrome-md flag.
The new UI is disgusting. I've reverted back to the old version. I'd rather spread malware to half the internet than keep using the new version.