5 votes

Google Releases Security Updates for Chrome (Remote Code Execution?)

2 comments

  1. Soptik

    I've found the merge request associated with the new version.

    Fix safe search policy not being applied on redirects. This is another regression from r579953. The problem is that NetworkDelegate::OnBeforeURLRequest is called on the initial request and every redirect, while URLLoaderThrottle::WillStartRequest is only called on the original request and not redirects. This cl doesn't fix the network service path, as we don't have a way to change the URL in a throttle on a redirect. It's meant to be as minimal to merge. Follow-up cls will add a test and fix this for network service path.

    However, the bug is not public.

    Safe search policy looks like a porn filter, designed to be used especially at schools or workplaces.

    Since it looks like the only vulnerability is evading the porn filter with redirects, the gov site probably doesn't talk about version 110 (as is written there), but about one of the previous versions which were probably deployed alongside the version 110 changes.

    The actual vulnerabilities might've been a silent uint32_t overflow or reallocating some transport buffer.

    1 vote
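To make the redirect gap in the quoted commit message concrete, here is an added example (not Chromium code and not from any commenter) that models the two hook placements it describes: a hook that runs on the initial request and on every redirect (the NetworkDelegate::OnBeforeURLRequest path) versus one that runs only once, before the first request (the URLLoaderThrottle::WillStartRequest path). The `safe=active` parameter, the redirect table, and all function names are assumptions made for illustration only.

```cpp
#include <iostream>
#include <map>
#include <string>

// Assumed safe-search rewrite: force a safe=active parameter onto Google
// search URLs and leave every other URL untouched. The real policy and
// parameter name may differ; this is an illustration.
std::string ApplySafeSearch(const std::string& url) {
    const std::string kSearchPrefix = "https://www.google.com/search?";
    if (url.compare(0, kSearchPrefix.size(), kSearchPrefix) != 0) return url;
    if (url.find("safe=active") != std::string::npos) return url;  // idempotent
    return url + "&safe=active";
}

// Constructed redirect table standing in for HTTP 3xx Location headers:
// a "short link" that bounces the browser onto a search page.
static const std::map<std::string, std::string> kRedirects = {
    {"https://short.example/s", "https://www.google.com/search?q=cats"},
};

// Walk the redirect chain and return the URL that is finally fetched.
// rewrite_on_redirect == true models a hook invoked on every hop;
// rewrite_on_redirect == false models a hook invoked only before the
// original request, which is the gap the commit message describes.
std::string FetchFinalUrl(std::string url, bool rewrite_on_redirect) {
    url = ApplySafeSearch(url);  // both hooks see the initial request
    for (int hop = 0; hop < 20; ++hop) {  // cap prevents redirect loops
        auto it = kRedirects.find(url);
        if (it == kRedirects.end()) break;
        url = it->second;
        if (rewrite_on_redirect) url = ApplySafeSearch(url);
    }
    return url;
}

int main() {
    const std::string direct = "https://www.google.com/search?q=cats";
    const std::string via_redirect = "https://short.example/s";
    std::cout << "direct, start-only hook:     "
              << FetchFinalUrl(direct, false) << "\n";
    std::cout << "redirect, start-only hook:   "
              << FetchFinalUrl(via_redirect, false) << "   <- filter evaded\n";
    std::cout << "redirect, every-hop hook:    "
              << FetchFinalUrl(via_redirect, true) << "\n";
    return 0;
}
```

The direct request is rewritten by both hook placements, but a request that only reaches the search page through a redirect is rewritten only when the hook also runs on the redirected URL; with the start-only hook the final fetch carries no safe-search parameter at all, which is exactly the bypass the fix addresses.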
    1. Deimos

      Hmm, I think those might be something else too.

      On this post on the official blog about 70.0.3538.110 (which is the version listed in the gov site), it says:

      This update includes 1 security fix. Please see the Chrome Security Page for more information.

      [905336] High CVE-2018-17479: Use-after-free in GPU.

      But the bug it links to isn't publicly visible.

      Here's a bit of info about that CVE number, not sure if there's a better source: http://www.rewterz.com/rewterz-news/rewterz-threat-advisory-cve-2018-17479-google-chrome-use-after-free-vulnerability

      The official list has that number reserved since September 25 but not public yet: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17479

      4 votes