ID: IRCNE2014032132
Date: 2013-03-15
According to "cnet", Google has fixed seven security flaws in Chrome, just a day before the annual, real-time hacking competitions Pwnium and Pwn2Own.
The new security update for Chrome on Windows, Mac, and Linux patched four flaws labeled as High, below the more important level of Critical; three flaws in its rendering engine V8; and updated its internal version of Flash Player.
Three High-level vulnerabilities were found by three independent researchers. The last High-level vulnerability was discovered by Google employees, as were the V8 vulnerabilities.
- CVE-2014-1700: Use-after-free in speech.
- CVE-2014-1701: UXSS in events.
- CVE-2014-1702: Use-after-free in web database.
- CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
- CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.
- 3