Google Patches High Security Flaws in Chrome 50

Google on Thursday released an updated version of Chrome 50 for Windows, Mac, and Linux, to resolve 9 security vulnerabilities in the popular web browser.

Six of the nine security issues were reported by external researchers, including four High risk flaws and two Medium risk ones. Google revealed that it paid $14,000 in bug bounties to the researchers who discovered these vulnerabilities in Chrome 50, awarding a $3000 bounty for each High severity flaw and $1000 for each of the two Medium severity flaws.

The first of the High risk bugs resolved in this update was an Out-of-bounds write in Blink (CVE-2016-1660), credited to Atte Kettunen of OUSPG, while the second was a memory corruption in cross-process frames (CVE-2016-1661) discovered by Wadih Matar.

Google also patched a Use-after-free bug in extensions (CVE-2016-1662), which was reported by Rob Wu, along with a Use-after-free issue in Blink’s V8 bindings (CVE-2016-1663), which was reported by an anonymous researcher.

The update for Chrome 50 also resolves an address bar spoofing issue (CVE-2016-1664) reported by Wadih Matar, along with an information leak in V8 (CVE-2016-1665), discovered by gksgudtjr456. Both vulnerabilities were deemed Medium risk.

Following the update, users will run Chrome 50.0.2661.94 on their Windows, Mac, or Linux machines. As usual, users are advised to install the software update as soon as possible to ensure their computers remain protected.

Google released Chrome 50 (build 50.0.2661.75) in the stable channel on April 14, when it patched 20 security flaws, including 8 vulnerabilities that earned external researchers a total of $17,500 in bug bounties.

Two of those issues were rated High severity, namely a Universal XSS (Cross-Site Scripting) in extension bindings (CVE-2016-1652), reported by an anonymous researcher, and an Out-of-bounds write in V8 (CVE-2016-1653), credited to Choongwoo Han. The release also patched five Medium severity flaws and a Low risk bug.

In early March, Google released Chrome 49 in the stable channel for Windows, Mac and Linux, with 26 security fixes inside. Only one week later, the company issued patches for three high risk flaws in the browser. In late March, Google released Chrome 49.0.2623.108 to patch five security issues, including four high risk vulnerabilities reported by external developers.

Earlier this week, Mozilla released Firefox 46 in the stable channel and addressed four critical vulnerabilities in the browser. These memory safety bugs affected the browser engine and Mozilla says that successful exploitation could have resulted in crashes and, in some circumstances, arbitrary code execution.
