Google this week released an updated version of Chrome 61 to address two High severity vulnerabilities.
Available for download as version 61.0.3163.100, the new Chrome iteration was pushed to all Windows, Mac, and Linux users, and should reach all in the next several days/weeks.
The updated browser includes fixes for 3 security issues, two of which were discovered by external researchers. Two of the three security flaws were assessed with a High risk severity rating.
The first is an Out-of-bounds access in V8. Tracked as CVE-2017-5121, the flaw was discovered by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14, and was awarded a $7,500 bounty reward, Krishna Govind, Google Chrome, notes in a blog post.
Tracked as CVE-2017-5122, the second High risk flaw Google has addressed with the latest Chrome release is an Out-of-bounds access in V8 as well. Reported by Choongwoo Han of Naver Corporation on 2017-08-04, the vulnerability was awarded a $3,000 bounty.
To date, Google has addressed 25 vulnerabilities with various Chrome 61 releases, including 12 issues reported by external researchers. 8 of these security bugs were assessed High severity.
These include vulnerabilities such as use after free in PDFium, heap buffer overflow bugs in WebGL and Skia, a memory lifecycle issue in PDFium, and type confusion flaws in V8, in addition to the aforementioned out-of-bounds access issues in V8.
Issues of lower severity included a couple of use of uninitialized value bugs in Skia, a bypass of Content Security Policy in Blink, and a potential HTTPS downgrade during redirect navigation.
Google paid over $30,000 in bug bounty rewards to the external security researchers who reported these issues. The highest reward was $7,500, but three researchers received $5,000 each for their submissions.
Related: Fake Chrome Font Update Attack Distributes Backdoor
Related: One Million Exposed to Adware via Hijacked Chrome Extension
Related: Chrome 59 Patches 30 Vulnerabilities