Google Chrome 63.0.3239.84 업데이트

윈도, 맥OS, 리눅스(64비트)를 위한 구글 크롬의 63 버전에 대한 업데이트가 나왔습니다.

업데이트된 버전은 63.0.3239.84 입니다.

이번 업데이트에서는 37개의 보안 취약점에 대하여 보안 패치가 이루어졌습니다.

그 중에서도 다음과 같이 외부의 연구자가 발견한 보안 취약점에 대하여,

외부의 연구자는 아직 정해지지 않은 금액(TBD) 외에는 최고 10,500달러의 상금을 받는다고 합니다.(오~!)

[$TBD][777728] Critical CVE-2017-15398: Stack buffer overflow in QUIC.

Reported by Ned Williamson on 2017-10-24

[$10500][778505] Critical CVE-2017-15407: Out of bounds write in QUIC.

Reported by Ned Williamson on 2017-10-26

[$6337][762374] High CVE-2017-15408: Heap buffer overflow in PDFium.

Reported by Ke Liu of Tencent's Xuanwu LAB on 2017-09-06

[$5000][763972] High CVE-2017-15409: Out of bounds write in Skia.

Reported by Anonymous on 2017-09-11

[$5000][765921] High CVE-2017-15410: Use after free in PDFium.

Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-16

[$5000][770148] High CVE-2017-15411: Use after free in PDFium.

Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-29

[$3500][727039] High CVE-2017-15412: Use after free in libXML.

Reported by Nick Wellnhofer on 2017-05-27

[$500][766666] High CVE-2017-15413: Type confusion in WebAssembly.

Reported by Gaurav Dewan(@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-09-19

[$3337][765512] Medium CVE-2017-15415: Pointer information disclosure in IPC call.

Reported by Viktor Brange of Microsoft Offensive Security Research Team on 2017-09-15

[$2500][779314] Medium CVE-2017-15416: Out of bounds read in Blink.

Reported by Ned Williamson on 2017-10-28

[$2000][699028] Medium CVE-2017-15417: Cross origin information disclosure in Skia .

Reported by Max May on 2017-03-07

[$1000][765858] Medium CVE-2017-15418: Use of uninitialized value in Skia.

Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-09-15

[$1000][780312] Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink.

Reported by Jun Kokatsu (@shhnjk) on 2017-10-31

[$500][777419] Medium CVE-2017-15420: URL spoofing in Omnibox.

Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-23

[$TBD][774382] Medium CVE-2017-15422: Integer overflow in ICU.

Reported by Yuan Deng of Ant-financial Light-Year Security Lab on 2017-10-13

[$500][778101] Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.

Reported by Greg Hudson on 2017-10-25

[$N/A][756226] Low CVE-2017-15424: URL Spoof in Omnibox.

Reported by Khalil Zhani on 2017-08-16

[$N/A][756456] Low CVE-2017-15425: URL Spoof in Omnibox.

Reported by xisigr of Tencent's Xuanwu Lab on 2017-08-17

[$N/A][756735] Low CVE-2017-15426: URL Spoof in Omnibox.

Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-18

[$N/A][768910] Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.

Reported by Junaid Farhan (fb.me/junaid.farhan.54) on 2017-09-26

그 외에 다음과 같이 광범위한 보안 패치가 이루어졌습니다.

[792099] Various fixes from internal audits, fuzzing and other initiatives

구글 크롬을 사용 중이라면, 주소창에 chrome://settings/help 라고 입력하여 버전을 확인해보기 바랍니다.

<참고>

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html