Web browsers are the most used apps when we are connected to the internet and so, their security is vital to avoid users being victims of cyberattacks. Google works constantly to make their browser, the most used one in the entire world, a secure tool when facing cyberattacks and other kinds of pirate abuse. So, continuing with their security labor, Google just launched the new Google Chrome 64.
As we told you yesterday, a couple hours ago Google launched the new version of its web browser, Google Chrome 64,that comes with many upgrades and news specially related with security when surfing the web.
Without a doubt, the most interesting thing on this new version are the patches introduced by Google to protect us from Meltdown and Spectre, the two vulnerabilities that have cornered processors all over the world, from Intel to AMD and ARM. According to Google, this patch can affect the browsers performance but they expect to end this soon with a new patch.
Besides from all the news and changes, Google has used the launch of this new version to fix a total of 53 security errors found both by their own engineers and by security experts from outside the company.
Next, we will examine in detail this solved vulnerabilities.
Security errors fixed on Google Chrome 64
Out of all the security errors fixed in this update, 3 of them are Highly Dangerous and allowed access to the PDFium resources even after liberating the viewfinder resources, as well as an impersonation with Shared Worker and an error that could put us in danger when opening files downloaded from the internet. Google paid 3000, 2000 and 1000 USD respectively to the people who found this errors.
There were also 13 medium-danger errors from overflow of integers and buffer to problems with the isolation of certain tools of the browser. Strangely, Google paid up to 4000 USD for a medium-danger while paying 3000 for the more dangerous threat. Most of the medium range vulnerabilities discoveries were rewarded with 1000 USD and the less relevant ones with 500.
Finally, there were 8 low-danger errors harder to exploit which don’t represent much danger to users but costed, most of them, 500 dollars each.
The rest of the errors have not been specified yet, although the information should start showing once users update the browser.
As we can see, based on the known rewards, launching the new version of the browser has costed Google more than 22.000 USD. Still, it was money well spent since if pirates have found these errors before Google did, this could have put our security in jeopardy.