Chrome Stable Update
Monday, June 22, 2015
The stable channel has been updated to 43.0.2357.130 for Windows, Mac, and Linux. A partial list of changes is available in the log.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Below, we highlight 4 fixes that were contributed by external researchers. Please see the Chromium security page for more information.
[$5000][464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
[TBD][494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[TBD][497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
[TBD][461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.
Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Are you a project manager, with a technical background, who is passionate about Chrome and moving the web forward? We are hiring!
Anthony Laforge
Google Chrome
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Below, we highlight 4 fixes that were contributed by external researchers. Please see the Chromium security page for more information.
[$5000][464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
[TBD][494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[TBD][497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
[TBD][461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.
Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.
Are you a project manager, with a technical background, who is passionate about Chrome and moving the web forward? We are hiring!
Anthony Laforge
Google Chrome