The release of Chrome 42 is a big deal: it cost Google more than $21,000.
The latest version of Chrome comes with fixes for 45 security vulnerabilities in the web browser, reported by different security researchers [listed below].
Let's look at the major updates:
Major updates and significant improvements in Chrome 42 include:
- Advanced Push API and Notifications API
- Disabled Oracle's Java plugin by default as well as other extensions that use NPAPI
- Patched 45 security bugs and paid out more than $21,000
Google includes the Push API in its web browser for the first time. The Push API, when combined with the new Notifications API, allows websites to push notifications to you through your browser, even when the browser window is closed.
The Push API is optional, which means that you can enable or disable it as you need. This will offer users an app-like experience on the web.
Chrome 42 brings the end of official support for NPAPI ("Netscape Plugin API") by disabling, by default, old browser plugins that use NPAPI, including Oracle's Java plugin and Silverlight.
However, if you really want one of these blocked plugins, you can manually enable NPAPI support in Chrome's settings. But you will not enjoy NPAPI support for long, as by September this year Google will permanently remove this option.
Why does Google want to get rid of NPAPI?
The open-source project team has been trying to kill off NPAPI since 2013, describing NPAPI as a dangerous security and stability risk.
The search engine giant believes that disallowing the Java plugin would certainly reduce the possibility of attacks against its Chrome browser.
Google patches a total of 45 security holes in its Chrome browser:
There were a number of high-severity vulnerabilities, including a cross-origin bypass in the HTML parser. An anonymous security researcher was paid a reward of $7,500 by Google for this critical vulnerability.
The rest of the security bugs fixed in Chrome 42 for which Google paid rewards are:
- CVE-2015-1236 (Medium): Cross-origin-bypass in Blink -- Reward $4000 to Amitay Dobo
- CVE-2015-1237 (High): Use-after-free in IPC -- Reward $3000 to Khalil Zhani
- CVE-2015-1238 (High): Out-of-bounds write in Skia -- Reward $2000 to cloudfuzzer
- CVE-2015-1240 (Medium): Out-of-bounds read in WebGL -- Reward $1000 to w3bd3vil
- CVE-2015-1241 (Medium): Tap-Jacking -- Reward $1000 to Phillip Moon and Matt Weston of Sandfield Information Systems
- CVE-2015-1242 (High): Type confusion in V8 -- Reward $500 to firstname.lastname@example.org
- CVE-2015-1244 (Medium): HSTS bypass in WebSockets -- Reward $500 to Mike Ruddy
- CVE-2015-1245 (Medium): Use-after-free in PDFium -- Reward $500 to Khalil Zhani
- CVE-2015-1246 (Medium): Out-of-bounds read in Blink -- Reward $500 to Atte Kettunen of OUSPG
- CVE-2015-1247 (Medium): Scheme issues in OpenSearch -- Reward $500 to Jann Horn
- CVE-2015-1248 (Medium): SafeBrowsing bypass -- Reward $500 to Vittorio Gambaletta (VittGam)
So, the total amount Google spent on bug bounties for external security researchers who reported bugs fixed in this latest version is around $21,500.
Update to Chrome 42:
You can now update to this latest version, Chrome 42, using the browser's built-in silent update, or download it directly from google.com/chrome. Linux users need to use their distro's package manager.
Have you updated to Chrome 42 already? Let us know your experience with Chrome 42 in the comment box below!