Chrome OS Update Brings Many Security Fixes

The Chrome team at Google has released an update to Chrome OS, the platform for Chromebooks.  The latest update, build 45.0.2454.85 for those keeping score at home, contains a long list of fixes and improvements including 29 different security fixes.  While a full blog post by the Chromium team is expected later today, the initial post on the Chrome OS Release blog has the highlights.

If you have a Chromebook, you should receive the update to build 45 of Chrome OS automatically.  You can of course manually check by going to Settings>About Chrome OS and tap the Check for Updates button.

As for the fixes you will find in this release of Chrome OS, there are quite a few.

This update includes 29 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.

[$7500][516377] High CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous.

[$7500][522791] High CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski.

Chrome OS
Chrome OS

[$7500][524074] High CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.

[$5000][492263] High CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer.

[$3000][502562] High CVE-2015-1295: Use-after-free in Printing. Credit to anonymous.

[$1000][421332] High CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan.

[$3000][510802] Medium CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev.

[$3000][518827] Medium CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu.

[$2000][416362] Medium CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev.

[$1000][511616] Medium CVE-2015-1300: Information leak in Blink. Credit to cgvwzq.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. The total value of additional rewards and their recipients will updated here when all reports have gone through the reward panel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [526825] CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.5 branch (currently 4.5.103.29).

Many of the above bugs were detected using AddressSanitizer or MemorySanitizer.