Google fixes severe security holes in Chrome browser update

Bug bounty hunters have earned some serious money this month.

Google has issued fixes for 15 severe vulnerabilities in the Chrome browser.

The update, Chrome 51.0.2704.79, is for Windows, Mac and Linux systems, and many of the latest bug discoveries were submitted by external researchers as part of the Chrome bug bounty program.

In total, Google paid out $26,000 in bug bounty rewards, including two $7500 payments to Mariusz Mlynski and an anonymous contributor.

Mlynski earned his reward for reporting CVE-2016-1697, a critical cross-origin bypass vulnerability in the Blink web browser engine, while the anonymous researcher reported a separate critical issue, CVE-2016-1696, a cross-origin bypass bug discovered in Extension bindings.

Security researcher Rob Wu also did well this month, contributing three medium-severity vulnerabilities to earn $6500. The vulnerabilities, CVE-2016-1698, CVE-2016-1700 and CVE-2016-1701, are described as an information leak in Extension Bindings, a use-after-free security flaw in Extensions and another use-after-free vulnerability within Chrome's Autofill feature.

Google has also fixed CVE-2016-1699, a parameter sanitization failure in DevTools, and CVE-2016-1702, an out-of-bounds read issue in Skia.

In addition, Chrome's in-house team ferreted out and fixed various problems discovered through internal audits and fuzzing.

Last month, Google paid out over $20,000 to bug bounty hunters who reported five high and medium-severity issues in the Chrome browser.
