Google released an updated version of Google Chrome version 66.0.3359.170 for Windows, Mac, and Linux systems that addressed 4 security vulnerabilities.
“This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.” reads the post published by Google.
- [835887] Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23:
- [836858] High CVE-2018-6121: Privilege Escalation in extensions.
- [836141] High CVE-2018-6122: Type confusion in V8.
- [$5000][833721] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17″
Three vulnerabilities were reported by external security researchers. The most critical issues are related to privilege escalation in extensions tracked as CVE-2018-6121 and a type confusion in V8 tracked as CVE-2018-6122.
Chrome addressed the CVE-2018-6120 heap buffer overflow in PDFium reported by Zhou Aiting of Qihoo 360 Vulcan Team that received a $5,000 reward.
Google issued security patches to address another Critical flaw in Chrome, the flaw was fixed in April with the 66.0.3359.137 version.
Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks. He is also Freelance Writer.
Read more here.