Google crushes 33 Chrome bugs, pays boffins more than $56k
Uni kid's turn to shout.
Google has patched 33 Chrome vulnerabilities, including 13 rated high severity, with the release of verison 53 of the world's most popular web browser.
Six high-severity bugs were reported in Google's native Adobe Reader wrecker PDFium, namely a use after free and five heap overflows of which three were reported by GiWan Go of mobile app hack outfit Stealien.
Five mostly severe flaws were dug up in the Blink web browser engine including two universal cross-site scripting holes, one use after free, a use after destruction, and a minor type confusion bug.
Massachusetts Institute of Technology computer science student Max Justicz scored US$7500 in beer money for reporting script injection in Chrome extensions.
All told Google doled out US$56,500(£42,568, A$74,860) to hackers reporting bugs and likely more since four have pay outs that are yet to be decided.
Three of those are high severity heap overflows in Chrome's PDFium and are likely to bag about US$5000 each. The fourth is a medium severity SMB relay attack that abuses the save page as functionality.
Google has been on an exciting patch run of late, fixing 48 bugs in July. The full list is below. ®
|Bounty||Google bug ID||Severity||CVE||Description||Credit|
|$1000||618037||Medium||CVE-2016-5165||Script injection in DevTools||Credit to Gregory Panakkal|
|$2000||637594||Medium||CVE-2016-5164||Universal XSS using DevTools||Credit to anonymous|
|$3000||633002||High||CVE-2016-5154||Heap overflow in PDFium||Credit to anonymous|
|$3000||630662||High||CVE-2016-5155||Address bar spoofing||Credit to anonymous|
|$3000||625404||High||CVE-2016-5156||Use after free in event bindings||Credit to jinmo123|
|$3000||609680||Medium||CVE-2016-5163||Address bar spoofing||Credit to Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)|
|$3500||631052||High||CVE-2016-5153||Use after destruction in Blink||Credit to Atte Kettunen of OUSPG|
|$500||576867||Low||CVE-2016-5160||Extensions web accessible resources bypass||Credit to @l33terally, FogMarks.com (@FogMarks)|
|$5000||637963||High||CVE-2016-5150||Use after free in Blink||Credit to anonymous|
|$5000||634716||High||CVE-2016-5151||Use after free in PDFium||Credit to anonymous|
|$5000||629919||High||CVE-2016-5152||Heap overflow in PDFium||Credit to GiWan Go of Stealien|
|$7500||628942||High||CVE-2016-5147||Universal XSS in Blink||Credit to anonymous|
|$7500||621362||High||CVE-2016-5148||Universal XSS in Blink||Credit to anonymous|
|$7500||573131||High||CVE-2016-5149||Script injection in extensions||Credit to Max Justicz (http://web.mit.edu/maxj/www/)|
|$n/a||622420||Medium||CVE-2016-5161||Type confusion in Blink||Credit to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro's Zero Day Initiative|
|$n/a||589237||Medium||CVE-2016-5162||Extensions web accessible resources bypass||Credit to Nicolas Golubovic|
|$TBD||632622||High||CVE-2016-5157||Heap overflow in PDFium||Credit to anonymous|
|$TBD||628890||High||CVE-2016-5158||Heap overflow in PDFium||Credit to GiWan Go of Stealien|
|$TBD||628304||High||CVE-2016-5159||Heap overflow in PDFium||Credit to GiWan Go of Stealien|
|$TBD||616429||Medium||CVE-2016-5166||SMB Relay Attack via Save Page As||Credit to Gregory Panakkal|