
Latest Google Chrome update patches 9 high severity bugs

Have you checked what version of the Google Chrome web browser you're running lately? If you see that an update is pending, you should apply it as soon as possible.

Google has started the rollout of version 57 for its Chrome browser that brings a variety of improvements and security fixes, including patches for nine high severity flaws that could allow attackers to gain control of a machine via remote code execution.

All the flaws were discovered by third-party bug bounty hunters under the Chromium project. The rewards for this batch of bug discoveries reached a grand total of $38,000. Good job, guys.

Details for the fixes are still restricted, but according to a post from the Google Chrome team, the flaw that earned the highest bounty is a memory corruption vulnerability in the V8 JavaScript engine. The bug is credited to Brendon Tiszka, who was rewarded with a $7,500 bounty for his efforts.

Other fixes include patches for use-after-free flaws, out-of-bounds write flaws and an integer overflow.

List of patches and bounties

Here's the full list of patches and the associated bounties of the high and medium severity flaws fixed in Chrome 57.0.2987.98.

[$7500] High - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka.

[$5000] High - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang.

[$3000] High - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti.

[$3000] High - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek.

[$3000] High - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.

[$3000] High - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado.

[$3000] High - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous.

[$1000] High - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com).

[$500] High - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123.

[$2000] Medium - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han.

[$1000] Medium - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chance.

[$1000] Medium - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum.

[$1000] Medium - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy.

[$1000] Medium - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous.

[$1000] Medium - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous.

[$1000] Medium - CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs.

[$500] Medium - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire).

[$500] Medium - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa.

Other new features

Chrome 57 is not just about security fixes. The update is also bringing a bunch of improvements for better web content delivery.

First up is WebAssembly support. WebAssembly is a new delivery system that speeds up web apps by packing resources with less code. This new system is set to revolutionize the web by allowing increasingly complex applications like 3D video gaming and media editing suites to run in browsers.

Another new feature is CSS Grid Layout support, an easier way for developers to arrange web content by using grids that can scale with the size of a screen.

On the mobile side, Chrome for Android gets upgraded with the new Media Session API that will introduce custom feature-rich media notifications. Additionally, Chrome web apps can now also be added to the Android home screen or app drawer via the improved "Add to Home screen" feature, while full-screen video can now lock the screen orientation based on its aspect ratio.

Chrome 57 is rolling out to Windows, Mac and Linux systems over the next few days.

How to update Chrome

Google Chrome can be set to automatically update with new versions that include the most recent security patches.

If you're using a computer: Just close and reopen your Chrome browser. Or click the Chrome menu that looks like three horizontal lines on the far upper-right hand corner of the screen >> Update Google Chrome >> Relaunch.

If you don't see Update Google Chrome, don't worry. That means you have the most updated version or it has not rolled out to your system yet.

The latest version is Chrome 57.0.2987.98.
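For anyone checking more than one machine, the comparison against 57.0.2987.98 has to be numeric, part by part: compared as plain text, "57.0.2987.100" sorts before "57.0.2987.98". The following is an added example, not code from Google or the original article, and the host names and reported version strings in it are constructed sample data.

```python
import re

# Fixed build named in the article.
PATCHED = (57, 0, 2987, 98)

# Finds a four-part version inside text such as
# "Google Chrome 57.0.2987.98" or "Chromium 56.0.2924.87 Built on Ubuntu".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def needs_update(text, patched=PATCHED):
    """True if the reported version is older than `patched` or unreadable."""
    version = parse_version(text)
    return version is None or version < patched


def audit(inventory):
    """Take (host, reported_string) pairs and return (host, reason) findings."""
    findings = []
    for host, reported in inventory:
        version = parse_version(reported)
        if version is None:
            # Treat an unreadable answer as a finding rather than a pass.
            findings.append((host, "unknown version"))
        elif version < PATCHED:
            findings.append((host, "outdated: " + ".".join(map(str, version))))
    return findings


# Constructed sample inventory (hypothetical hosts and strings).
SAMPLE = [
    ("ws-01", "Google Chrome 57.0.2987.98"),
    ("ws-02", "Google Chrome 56.0.2924.87"),
    ("ws-03", "Google Chrome 57.0.2987.100"),
    ("ws-04", "Chromium 57.0.2987.9 Built on Ubuntu"),
    ("ws-05", "command not found"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(host, reason)
```
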

Source: Google Blog