On Tuesday, Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. Several components including the Blink engine were significantly improved, and a number of security fixes were made, repairing a total of 45 security holes. For developers, the new version adds two new APIs, namely the CSS Paint API and the ServerTiming API.
[$5000][758848] High CVE-2018-6058: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25[$5000][758863] High CVE-2018-6059: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25[$3000][780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02[$3000][794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12[$1000][780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31[$N/A][789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30[$N/A][792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07[$N/A][798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03[$N/A][808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01More…