Discussion in 'other security issues & news' started by ronjor, Mar 9, 2017.
Original release date: March 09, 2017
Original release date: March 30, 2017
I have build 133, and when I click on About to check for updates, it says it's up-to-date.
Not yet fully released?
The link in Ron's post didn't state this information.
You're welcome! https://chromereleases.googleblog.com/ is the place to watch.
Seems like these holes were quite serious, if I'm correct it could be used to even bypass the sandbox. That's why I would always advice to keep using AE, no matter how secure the browser is. On the other hand, these type of advanced exploits often don't get used in exploit-kits.
Enabling Appcontainer protection in Chrome hidden settings could also do the same. The Appcontainer method might be even better, because it utilizes the Windows 10 native security.
That link does now show the .133 release. It looks like they made a mistake and it has now been corrected.
Build 137 seems to be on Chrome OS according to https://chromereleases.googleblog.com/
I'm not sure if this would have blocked these kind of holes. I mean, it was a sandbox bypass if I understood correctly.
Well, AppContainer + Chrome built-in sandbox, that's two sandbox in a sandbox. To bypass one sandbox may be easy, but to bypass two different kind of sandboxes is much more difficult.
OK I see, then I misunderstood. Then you would probably need a kernel exploit to exploit them both.
Stable Channel Update for Desktop
and then on top you add Sandboxie or ReHIPS
my chrome on win10 64-bit updated to 58.0.3029.81 today
I only ended up with Chrome because I needed Flashplayer to access content from a particular site, the other day. I couldn't block the install of
Chrome, even though I didn't want it.
Stable Channel Update for Desktop 09 May 2017
Stable Channel Update for Chrome OS
Separate names with a comma.