Follow Slashdot stories on Twitter


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Submission + - Google Fixes Critical Sandbox Escape Flaw in Chrome

Trailrunner7 writes: Google has fixed 50 security vulnerabilities in its Chrome browser, including a critical string of bugs that can allow an attacker to execute arbitrary code outside of the browser’s sandbox.

This is one of the larger batches of fixes that Google has produced for Chrome recently. The company releases frequent updates for the browser and often will push out a new version with only a handful of security patches. But Chrome 37 includes 50 patches, a huge number by any measure. The most notable vulnerability patched in this version is actually a combo platter of several flaws that can be used to escape the Chrome sandbox and gain remote code execution.

The group of vulnerabilities earned the security researcher who reported them a $30,000 bug bounty from Google, one of the higher rewards that the company has given to a researcher outside of its Pwnium competitions. Google’s bug bounties typically fall into the $1,000-$5,000 range, but the company’ security team sometimes will award significantly higher rewards to researchers who report especially critical or creative bugs.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Google Fixes Critical Sandbox Escape Flaw in Chrome

Comments Filter:

A fanatic is a person who can't change his mind and won't change the subject. - Winston Churchill