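Google releases a new version of its Chrome browser every few weeks, sometimes with only one or two security fixes, but the newly released Chrome 29 fixes 25 vulnerabilities. Google paid $1,000 each to the finders of three of these vulnerabilities, and the others also earned sizable bounties.
The vulnerabilities fixed in Chrome 29 are as follows: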
[$1337] [181617] High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj.
[$500] [254159] Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger.
[$1337] [257363] High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman.
[$1000] [260105] High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer.
[$1000] [260156] High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer.
[$1000] [260428] High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer.
FreeBuf recommends that users update their browser immediately to guard against attacks that exploit these vulnerabilities.