Chrome 67 Promoted to Stable Channel for Windows, Mac & Linux – Mobile Coming Soon
Google is now rolling out the latest version of its Chrome browser. Google Chrome 67 is available for Mac, Windows, and Linux, bringing a number of new features and security updates to the browser. “The Chrome team is delighted to announce the promotion of Chrome 67 to the stable channel for Windows, Mac and Linux,” the company wrote today. Under a phased rollout strategy, the update will be rolled out to users in the coming days and weeks.
Chrome 67 brings some notable features and feature extensions. The company is continuing to roll out Site Isolation to a larger percentage of users. Site Isolation improves the browser’s security and helps mitigate Spectre-associated risks.
Google has also begun testing the new WebXR Device API, which allows developers to build experiences like 360-degree videos and provides access to input and output capabilities commonly associated with Virtual Reality (VR) and Augmented Reality (AR) functionality.
Many apps use sensor data to offer experiences like fitness tracking and immersive gaming. This data will now be available to web apps using the Generic Sensor API. For more details on what’s new for developers in Chrome 67, check out this link.
Chrome 67 fixes 34 security flaws
Today’s update also brings fixes to over 34 security issues, including some rated high in severity. Here are the details of these bugs and how much Google paid in bug bounties.
[$3000] High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22
[$5000] High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07
[$5000] High CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico, Inc on 2018-03-05
[$N/A] High CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-05-18
[$TBD] High CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang on 2018-05-15
[$TBD] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski on 2018-05-09
[$N/A] High CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-01
[$N/A] High CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-04-30
[$N/A] High CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-27
[$500] Medium CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane on 2018-05-04
[$500] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-28
[$500] Medium CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-12-23
[$1000] Medium CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane on 2018-03-19
[$1500] Medium CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong on 2018-04-12
[$2000] Medium CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith (spinda.net) on 2018-04-21
[$2000] Medium CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert on 2018-02-08
[$2000] Medium CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-24
[$2000] Medium CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-01
[$2000] Medium CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2017-12-19
[$4500] Medium CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han of Naver Corporation on 2018-04-28
[$TBD] Medium CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15
[$500] Low CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk on 2018-04-02
[$500] Low CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa on 2018-01-25
[$TBD] Low CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin (Yandex) on 2018-03-02