Google Patches 8 Vulnerabilities in Chrome 77


Google this week announced an update for Chrome 77 that addresses 8 security vulnerabilities in the application, including 5 reported by external researchers.

The new browser update arrives only a couple of weeks after Google patched four security flaws with the release of Chrome 77.0.3865.90, including two vulnerabilities that, combined with another type of weakness, could result in a sandbox escape.

Previously, Google released Chrome 77 to the stable channel with patches for a total of 52 vulnerabilities.

The five externally reported bugs addressed this week are rated High severity and brought the reporting researchers a total of $45,000 in bug bounty rewards.

The most important of them is a use-after-free in IndexedDB, reported by Guang Gong of Alpha Team at Qihoo 360. Tracked as CVE-2019-13693, the vulnerability was awarded a $20,500 bounty.

Read more…