Google Fixes Sandbox Escape in ChromeMay 19, 2015 – 4:54 PM
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox.
That vulnerability is one of 37 bugs fixed in version 43 of Chrome. Six of those flaws are rated as high risks and Google paid out more than $38,000 in rewards to researchers who reported vulnerabilities to the company. Among the other serious vulnerabilities are cross-origin bypasses and three use-after-free vulnerabilities.
Google has not yet released the details of the vulnerabilities, so the nature and location of the sandbox-escape bug aren’t clear. The company waits until most users have updated to the new version before releasing complete details of the vulnerabilities.