Google fixes severe vulnerabilities in Chrome browser update
Google updated the Chrome browser on Tuesday with a round of security fixes which patch up three critical issues.
According to a post on the Chrome releases blog, the latest stable release for Chrome, version 49.0.2623.87 for Windows, Mac, and Linux, includes fixes for a number of vulnerabilities discovered by security researchers.
The first major security issue, CVE-2016-164, is a type confusion vulnerability which impacts Blink, a rendering engine used by Google Chrome.
The researcher earned themselves $5000 for submitting their findings.
The second critical flaw, CVE-2016-1644, also affects Blink. This security issue is a use-after-free vulnerability, a memory corruption problem which may allow attackers to execute code remotely, and has been deemed serious enough to warrant a reward of $3500.
The third vulnerability, CVE-2016-1645, is an out-of-bounds write issue in PDFium, Google's PDF library which was given to the open-source community in 2014. The issue was discovered and submitted by a researcher working alongside HP's Zero Day Initiative, and if a reward is involved, it has not been disclosed.
As usual, Google is keeping its mouth closed on the specific, technical nature of these vulnerabilities until the "majority" of users have downloaded and installed the update.
"We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed," the tech giant notes.
Users can visit the Chromium security page for more information.