Google fixes severe vulnerabilities in Chrome browser update

Google's latest Chrome update patches critical issues resulting in cash rewards for researchers.
Written by Charlie Osborne, Contributing Writer

Google updated the Chrome browser on Tuesday with a round of security fixes which patch up three critical issues.


According to a post on the Chrome releases blog, the latest stable release for Chrome, version 49.0.2623.87 for Windows, Mac, and Linux, includes fixes for a number of vulnerabilities discovered by security researchers.

The first major security issue, CVE-2016-164, is a type confusion vulnerability which impacts Blink, a rendering engine used by Google Chrome.

The researcher earned themselves $5000 for submitting their findings.

The second critical flaw, CVE-2016-1644, also affects Blink. This security issue is a use-after-free vulnerability, a memory corruption problem which may allow attackers to execute remote code, and has been deemed serious enough to warrant a reward of $3500.

The third vulnerability, CVE-2016-1645, is an out-of-bounds write issue in PDFium, Google's PDF library which was given to the open-source community in 2014. The issue was discovered and submitted by a researcher working alongside HP's Zero Day Initiative, and if a reward is involved, it has not been disclosed.

As usual, Google is keeping its mouth closed on the specific, technical nature of these vulnerabilities until the "majority" of users have downloaded and installed the update.

"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," the tech giant notes.

Users can visit the Chromium security page for more information.
