Η Google managed to patch 62 security vulnerabilities in Chrome 40. He also donated $ 88.500 to the "bug hunters" who identified the vulnerabilities.
Of these fixes, 17 could cause Memory corruptions and vulnerabilities use-after-free in Chrome elements, such as ffmpeg, ICU and DOM.
Her researchers Google have provided the browser update Chrome 40 on the fixed channel for Windows, Mac, and Linux.
The fixed version channel he also says that the Chrome App error messages were updated.
Researcher Yangdingning managed to win $9000, while Cloudfuzzer took home $12.000 of Google's $53.500. The additional 35.000 was given to other researchers who worked for her better safety of Chrome 40 browser.
The following list shows the vulnerabilities that were repaired to Chrome 40, the amounts allocated and the names of the researchers
- [5000] [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
- [4500] [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
- [4000] [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
- [4000] [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
- [3500] [444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
- [3500] [435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
- [3000] [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
- [3000] [442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
- [2000] [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
- [2000] [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
- [2000] [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
- [2000] [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
- [2000] [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
- [1500] [428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
- [1500] [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
- [1000] [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
- [$ 1000] [399951] High CVE-2014-7939: Same-origin- bypass in V8. Credit to Takeshi Terada.
- [1000] [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
- [1000] [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
- [1000] [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
- [1000] [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
- [1000] [418881] Medium CVE-2014-7944: Out-of-bounds read in PDF. Credit to cloudfuzzer.
- [1000] [414310] Medium CVE-2014-7945: Out-of-bounds read in PDF. Credit to cloudfuzzer.
- [1000] [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
- [500] [430566] Medium CVE-2014-7947: Out-of-bounds read in PDF. Credit to fuzztercluck.
- [$ 500] [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.