Google Patches High Security Flaws in Chrome 50

Google on Thursday released an updated version of Chrome 50 for Windows, Mac, and Linux, to resolve 9 security vulnerabilities in the popular web browser.

Six of the nine security issues were reported by external researchers, including four High risk flaws and two Medium risk ones. Google revealed that it paid $14,000 in bug bounties to the researchers who discovered these vulnerabilities in Chrome 50, awarding a $3000 bounty for each High severity flaw and $1000 for each of the two Medium severity flaws.

The first of the High risk bugs resolved in this update was an Out-of-bounds write in Blink (CVE-2016-1660), credited to Atte Kettunen of OUSPG, while the second was a memory corruption in cross-process frames (CVE-2016-1661) discovered by Wadih Matar.

Google also patched a Use-after-free bug in extensions (CVE-2016-1662), which was reported by Rob Wu, along with a Use-after-free issue in Blink’s V8 bindings (CVE-2016-1663), which was reported by an anonymous researcher.

The update for Chrome 50 also resolves an address bar spoofing issue (CVE-2016-1664) reported by Wadih Matar, along with an information leak in V8 (CVE-2016-1665), discovered by gksgudtjr456. Both vulnerabilities were deemed Medium risk.

Following the update, users will run Chrome 50.0.2661.94 on their Windows, Mac, or Linux machines. As usual, users are advised to install the software update as soon as possible to ensure their computers remain protected.

Google released Chrome 50 (build 50.0.2661.75) in the stable channel on April 14, when it patched 20 security flaws, including 8 vulnerabilities that earned external researchers a total of $17,500 in bug bounties.

Two of those issues were rated High severity, namely a Universal XSS (Cross-Site Scripting) in extension bindings (CVE-2016-1652), reported by an anonymous researcher, and an Out-of-bounds write in V8 (CVE-2016-1653), credited to Choongwoo Han. The release also patched five Medium severity flaws and a Low risk bug.

In early March, Google released Chrome 49 in the stable channel for Windows, Mac and Linux, with 26 security fixes inside. Only one week later, the company issued patches for three high risk flaws in the browser. In late March, Google released Chrome 49.0.2623.108 to patch five security issues, including four high risk vulnerabilities reported by external developers.

Earlier this week, Mozilla released Firefox 46 in the stable channel and addressed four critical vulnerabilities in the browser. These memory safety bugs affected the browser engine and Mozilla says that successful exploitation could have resulted in crashes and, in some circumstances, arbitrary code execution.
