Google heeft versie 41 van zijn webbrowser Chrome uitgebracht. Google Chrome is beschikbaar voor Windows, Linux en OS X. Er zijn ook versies voor Android en iOS, maar die volgen een iets ander release-schema. In versie 41 treffen we onder meer diverse nieuwe app- en extention-api's aan en zijn er maar liefst 51 beveiligingsproblemen verholpen.
Stable Channel Update
The Chrome team is delighted to announce the promotion of Chrome 41 to the stable channel for Windows, Mac and Linux. Chrome 41.0.2272.76 contains a number of fixes and improvements, including:
A list of changes is available in the log.
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 51 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. The total value of additional rewards and their recipients will be updated here when all reports have gone through the reward panel.
-  High CVE-2015-1212: Out-of-bounds write in media.
-  High CVE-2015-1213: Out-of-bounds write in skia filters.
-  High CVE-2015-1214: Out-of-bounds write in skia filters.
-  High CVE-2015-1215: Out-of-bounds write in skia filters.
-  High CVE-2015-1216: Use-after-free in v8 bindings.
-  High CVE-2015-1217: Type confusion in v8 bindings.
-  High CVE-2015-1218: Use-after-free in dom.
-  High CVE-2015-1219: Integer overflow in webgl.
-  High CVE-2015-1220: Use-after-free in gif decoder.
-  High CVE-2015-1221: Use-after-free in web databases.
-  High CVE-2015-1222: Use-after-free in service workers.
-  High CVE-2015-1223: Use-after-free in dom.
-  High CVE-2015-1230: Type confusion in v8.
-  Medium CVE-2015-1224: Out-of-bounds read in vpxdecoder.
-  Medium CVE-2015-1225: Out-of-bounds read in pdfium.
-  Medium CVE-2015-1226: Validation issue in debugger.
-  Medium CVE-2015-1227: Uninitialized value in blink.
-  Medium CVE-2015-1228: Uninitialized value in rendering.
-  Medium CVE-2015-1229: Cookie injection via proxies.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
-  CVE-2015-1231: Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch (currently 184.108.40.206).