SecurityWeek

Google Patches High Security Flaws in Chrome 50

Google on Thursday released an updated version of Chrome 50 for Windows, Mac, and Linux, to resolve 9 security vulnerabilities in the popular web browser.

Six of the nine security issues were reported by external researchers, including four High risk flaws and two Medium risk ones. Google revealed that it paid $14,000 in bug bounties to the researchers who discovered these vulnerabilities in Chrome 50, awarding a $3,000 bounty for each High severity flaw and $1,000 for each of the two Medium severity flaws.

The first of the High risk bugs resolved in this update was an Out-of-bounds write in Blink (CVE-2016-1660), credited to Atte Kettunen of OUSPG, while the second was a memory corruption in cross-process frames (CVE-2016-1661) discovered by Wadih Matar.

Google also patched a Use-after-free bug in extensions (CVE-2016-1662), which was reported by Rob Wu, along with a Use-after-free issue in Blink’s V8 bindings (CVE-2016-1663), which was reported by an anonymous researcher.

The update for Chrome 50 also resolves an address bar spoofing issue (CVE-2016-1664) reported by Wadih Matar, along with an information leak in V8 (CVE-2016-1665), discovered by gksgudtjr456. Both vulnerabilities were deemed Medium risk.

Following the update, users will run Chrome 50.0.2661.94 on their Windows, Mac, or Linux machines. As usual, users are advised to install the software update as soon as possible to ensure their computers remain protected.

Google released Chrome 50 (build 50.0.2661.75) in the stable channel on April 14, when it patched 20 security flaws, including 8 vulnerabilities that earned external researchers a total of $17,500 in bug bounties.

Two of those issues were rated High severity, namely a Universal XSS (Cross-Site Scripting) in extension bindings (CVE-2016-1652), reported by an anonymous researcher, and an Out-of-bounds write in V8 (CVE-2016-1653), credited to Choongwoo Han. The release also patched five Medium severity flaws and a Low risk bug.

In early March, Google released Chrome 49 in the stable channel for Windows, Mac and Linux, with 26 security fixes inside. Only one week later, the company issued patches for three high risk flaws in the browser. In late March, Google released Chrome 49.0.2623.108 to patch five security issues, including four high risk vulnerabilities reported by external developers.

Earlier this week, Mozilla released Firefox 46 in the stable channel and addressed four critical vulnerabilities in the browser. These memory safety bugs affected the browser engine and Mozilla says that successful exploitation could have resulted in crashes and, in some circumstances, arbitrary code execution.
