Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Chrome 36 Critical Update: Fixes 12 Issues Including Info Disclosure

General Esm H446
Google patched its Chrome browser this week, fixing 12 vulnerabilities, including both a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code.

French security researcher Antoine Delignat-Lavaud discovered the information disclosure problem (CVE-2014-3166) in SPDY, an open networking protocol that transports web content. According to the National Vulnerability Database, the Public Key Pinning (PKP) implementation in the browser on Windows, OS X, Linux and Android fails to consider the SPDY handler. This could allow attackers to obtain sensitive information by leveraging the use of multiple domain names.

The link for this article located at ThreatPost is no longer available.