Google has managed to repair 62 security vulnerabilities in Chrome 40. He also donated $ 88.500 to the "bug hunters" who identified the vulnerabilities.
Of these fixes, 17 could lead to Memory corruptions and vulnerabilities points use-after-free in Chrome elements, such as FFmpeg, ICU and DOM.
Her researchers Google provided the program update tourς Chrome 40 on the fixed channel for Windows, Mac and Linux.
The fixed version channel he also says that the Chrome App error messages were updated.
Yangdingning researcher managed to win 9000 dollars, while Cloudfuzzer took 12.000 dollars from 53.500 that Google had. The extra 35.000 was given to other researchers who worked for his safety Chrome 40 browser.
The following list shows the vulnerabilities that were repaired to Chrome 40, the amounts allocated and the names of the researchers
- [5000] [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
- [4500] [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
- [4000] [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
- [4000] [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
- [3500] [444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
- [3500] [435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
- [3000] [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
- [3000] [442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
- [2000] [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
- [2000] [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
- [2000] [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
- [2000] [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
- [2000] [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
- [1500] [428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
- [1500] [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
- [1000] [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
- [1000] [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
- [1000] [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
- [1000] [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
- [1000] [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
- [1000] [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
- [1000] [418881] Medium CVE-2014-7944: Out-of-bounds read in PDF. Credit to cloudfuzzer.
- [1000] [414310] Medium CVE-2014-7945: Out-of-bounds read in PDF. Credit to cloudfuzzer.
- [1000] [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
- [500] [430566] Medium CVE-2014-7947: Out-of-bounds read in PDF. Credit to fuzztercluck.
- [$ 500] [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.
