Update Your Chrome Browser to the Latest Version, "Chrome 55": 36 Security Vulnerabilities Patched

If you use Chrome, update it to the latest version, Chrome 55. Google has released this update to patch 36 security vulnerabilities, and it also makes HTML5 the default, so the bundled Adobe Flash plugin no longer runs unless the user allows it for a site. Of the 36 vulnerabilities, 26 were reported by external security researchers, who received a combined $70,000 in bounties (the sum of the per-bug rewards listed below). Google rates 12 of the 36 as high severity, 9 as medium and 5 as low.

List of High-Risk Vulnerabilities

Four of the twelve are universal XSS bugs in Blink, the class of flaw that lets a malicious page run script in the context of any other origin; that is why they sit in the top bounty tier here.

  • CVE-2016-9651 (Private property access in V8)
          Discovered by Guang Gong; no bounty amount was listed for it at release.

  • CVE-2016-5208 (Universal XSS in Blink)
          Discovered by Mariusz Mlynski, who received a $7,500 bounty.

  • CVE-2016-5207 (Universal XSS in Blink)
          Discovered by Mariusz Mlynski, who received a $7,500 bounty.

  • CVE-2016-5206 (Same-origin bypass in PDFium)
          Discovered by Rob Wu, who received a $7,500 bounty.

  • CVE-2016-5205 (Universal XSS in Blink)
          Reported anonymously; the reporter received a $7,500 bounty.

  • CVE-2016-5204 (Universal XSS in Blink)
          Discovered by Mariusz Mlynski, who received a $7,500 bounty.

  • CVE-2016-5209 (Out-of-bounds write in Blink)
          Discovered by Giwan Go, who received a $5,000 bounty.

  • CVE-2016-5203 (Use after free in PDFium)
          Reported anonymously; the reporter received a $3,000 bounty.

  • CVE-2016-5210 (Out-of-bounds write in PDFium)
          Discovered by Ke Liu of Tencent's Xuanwu Lab, who received a $3,500 bounty.

  • CVE-2016-5212 (Local file disclosure in DevTools)
          Discovered by Khalil Zhani, who received a $3,000 bounty.

  • CVE-2016-5211 (Use after free in PDFium)
          Reported anonymously; the reporter received a $3,000 bounty.

  • CVE-2016-5213 (Use after free in V8)
          Discovered by Khalil Zhani, who received a $500 bounty.


List of Medium-Risk Vulnerabilities

  • CVE-2016-5214 (File download protection bypass)
          Discovered by Jonathan Birch and MSVR; no bounty was paid.

  • CVE-2016-5216 (Use after free in PDFium)
          Reported anonymously; the reporter received a $3,000 bounty.

  • CVE-2016-5215 (Use after free in Web Audio)
          Discovered by Looben Yang, who received a $3,000 bounty.

  • CVE-2016-5217 (Use of unvalidated data in PDFium)
          Discovered by Rob Wu, who received a $2,500 bounty.

  • CVE-2016-5218 (Address spoofing in Omnibox)
          Discovered by Abdulrahman Alqabandi, who received a $2,000 bounty.

  • CVE-2016-5219 (Use after free in V8)
          Discovered by Rob Wu, who received a $1,500 bounty.

  • CVE-2016-5221 (Integer overflow in ANGLE)
          Discovered by Tim Becker, who received a $1,000 bounty.

  • CVE-2016-5220 (Local file access in PDFium)
          Discovered by Rob Wu, who received a $1,000 bounty.

  • CVE-2016-5222 (Address spoofing in Omnibox)
          Discovered by xisigr of Tencent's Xuanwu Lab, who received a $500 bounty.


List of Low-Risk Vulnerabilities

(Google did not pay any bounty to the researchers who reported these vulnerabilities.)

  • CVE-2016-9650 (CSP referrer disclosure)
          Discovered by Jakub Zoczek

  • CVE-2016-5233 (Integer overflow in PDFium)
          Discovered by Hwiwon Lee

  • CVE-2016-5226 (Limited XSS in Blink)
          Discovered by Jun Kokatsu

  • CVE-2016-5225 (CSP bypass in Blink)
          Discovered by Scott Helme

  • CVE-2016-5224 (Same-origin bypass in SVG)
          Discovered by Roeland Krak


Other Security Updates in Chrome 55

In this version HTML5 is the default experience: Chrome no longer runs the bundled Adobe Flash plugin automatically. When a site needs Flash, Chrome asks the user whether to allow it on that site, so Flash content runs only where someone has explicitly opted in. That matters because Flash Player has been one of the most heavily exploited browser components, and a malicious site can no longer serve Flash content that executes the moment the page loads.

Google has not removed Flash from Chrome. If a user visits a site that requires Flash, they can enable it for that site, and Chrome remembers the choice on later visits to the same site. Because Flash Player has a long record of critical vulnerabilities, defaulting it off reduces the risk of browser hijacking, cookie theft and adware installation delivered through malicious Flash content.
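An administrator who manages a fleet will usually want to enforce the same default centrally instead of relying on each user's per-site choice. The script below is an added example, not code from the article or from Google: it writes a Chrome managed-policy file into the directory Chrome on Linux reads such policies from (/etc/opt/chrome/policies/managed/). DefaultPluginsSetting and PluginsAllowedForUrls are real Chrome enterprise policies; the file name flash-policy.json and the allowlisted site intranet.example.com are assumptions. The weak setting (run all plugins everywhere) is shown alongside the hardened one (block by default, allow only named sites) so the two can be compared.

```shell
#!/bin/sh
# Added example: enforce "Flash off by default, allowed only on named sites" through a
# Chrome managed-policy file on Linux. The policy names are real Chrome policies; the
# default directory, the file name and the allowlisted site are assumptions.

POLICY_DIR_DEFAULT="/etc/opt/chrome/policies/managed"

# Weak setting, shown for comparison: DefaultPluginsSetting 1 runs every plugin,
# Flash included, on every site without asking the user.
weak_policy_json() {
    cat <<'EOF'
{
  "DefaultPluginsSetting": 1
}
EOF
}

# Hardened setting: 2 blocks plugins everywhere, then PluginsAllowedForUrls re-enables
# them only for the listed URL patterns (the per-site "enable it here" choice, made centrally).
hardened_policy_json() {
    cat <<'EOF'
{
  "DefaultPluginsSetting": 2,
  "PluginsAllowedForUrls": [
    "https://intranet.example.com"
  ]
}
EOF
}

# write_policy [DIR]: install the hardened policy into DIR (default: Chrome's managed
# policy directory). Returns 0 on success.
write_policy() {
    dir="${1:-$POLICY_DIR_DEFAULT}"
    mkdir -p "$dir" || return 1
    hardened_policy_json > "$dir/flash-policy.json" || return 1
    chmod 644 "$dir/flash-policy.json"
}

# policy_blocks_by_default FILE: returns 0 if FILE sets DefaultPluginsSetting to 2,
# i.e. plugins are blocked unless explicitly allowed.
policy_blocks_by_default() {
    grep -Eq '"DefaultPluginsSetting"[[:space:]]*:[[:space:]]*2' "$1"
}

# Usage: sudo sh flash-policy.sh --install [DIR]
if [ "${1:-}" = "--install" ]; then
    write_policy "${2:-}" && echo "policy written; verify it is applied at chrome://policy"
fi
```

After installing the file, open chrome://policy in the browser and confirm both policies show as applied; a policy file that is not world-readable, or that contains a JSON syntax error, is silently ignored.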

 

Some of the websites were showing an untrusted error when users were visiting these websites. These websites are using SLL and TLS certificates of GeoTrust, Symantec and Thawte. This issue has been resolved by Google in Chrome 55.

 

Conclusion

Google has released Chrome 55 to patch 36 security vulnerabilities, so update your browser as soon as possible. The update is available for Chrome on Windows, Mac and Linux. Don't put it off: unpatched software is one of the most common ways malware gets onto a machine.
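Rather than take "I updated" on faith, compare the installed build against the first stable build that carries these 36 fixes, 55.0.2883.75. The script below is an added example, not code from the article: it reads the version from a Chrome or Chromium binary on Linux or macOS (the binary names and the macOS application path are assumptions about a default install), or takes a version string on the command line, and reports whether the build is at or above the patched one. The comparison is done component by component as integers, so 55.0.2883.75 correctly ranks above 55.0.2883.9.

```shell
#!/bin/sh
# Added example: check whether an installed Chrome build is at or above the first stable
# build that carries the 36 fixes (55.0.2883.75). The binary names and the macOS
# application path are assumptions about a default install.

MIN_PATCHED="55.0.2883.75"

# version_ge A B: exit 0 if dotted version A >= B, comparing each component as an
# integer (so 55.0.2883.75 > 55.0.2883.9, and 55.0.2883 == 55.0.2883.0).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# chrome_status VERSION: prints "patched" or "vulnerable"; exit 0 only if patched.
chrome_status() {
    if version_ge "$1" "$MIN_PATCHED"; then
        echo "patched"
    else
        echo "vulnerable"
        return 1
    fi
}

# installed_chrome_version: prints the version of the first Chrome/Chromium binary
# found on this machine, or returns 1 if none is present.
installed_chrome_version() {
    for bin in google-chrome google-chrome-stable chromium chromium-browser \
        "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"; do
        case "$bin" in
            /*) [ -x "$bin" ] || continue ;;
            *)  command -v "$bin" >/dev/null 2>&1 || continue ;;
        esac
        # "Google Chrome 55.0.2883.75" or "Chromium 55.0.2883.75" -> "55.0.2883.75"
        "$bin" --version 2>/dev/null | sed -n 's/.*[Cc]hrom[a-z]* \([0-9][0-9.]*\).*/\1/p' | head -n 1
        return 0
    done
    return 1
}

# main [VERSION]: use the given version string, or detect the installed one.
# Exit status: 0 patched, 1 vulnerable, 2 no version available.
main() {
    ver="${1:-$(installed_chrome_version)}"
    if [ -z "$ver" ]; then
        echo "no Chrome binary found; pass a version string, e.g. sh $0 54.0.2840.100" >&2
        return 2
    fi
    status=$(chrome_status "$ver")
    rc=$?
    printf 'Chrome %s: %s (minimum patched build %s)\n' "$ver" "$status" "$MIN_PATCHED"
    return $rc
}

main "$@"
```

Run it with no arguments on the machine being checked, or pass a version string collected from an inventory tool; the exit status (0 patched, 1 vulnerable, 2 unknown) makes it usable from a fleet-wide job.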
