Chrome 36 Critical Update: Fixes 12 Issues Including Info Disclosure
Aug 22, 2014
•
Anthony Pell
1 min read
Topics Covered
Google patched its Chrome browser this week, fixing 12 vulnerabilities, including both a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code.
French security researcher Antoine Delignat-Lavaud discovered the information disclosure problem (CVE-2014-3166) in SPDY, an open networking protocol that transports web content. According to the National Vulnerability Database, the Public Key Pinning (PKP) implementation in the browser on Windows, OS X, Linux and Android fails to consider the SPDY handler. This could allow attackers to obtain sensitive information by leveraging the use of multiple domain names.
The link for this article located at ThreatPost is no longer available.
Discover faster search, smarter navigation, and deeper Linux security insights. Read More
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!