Have you checked what version of the Google Chrome web browser you’re running lately? If you see that an update is pending, you should apply it as soon as possible.
Google has started rolling out version 57 of its Chrome browser, which brings a variety of improvements and security fixes, including patches for nine high severity flaws that could allow attackers to gain control of a machine via remote code execution.
All the flaws were discovered by third-party bug bounty hunters working with the Chromium project. The rewards for this batch of bug discoveries reached a grand total of $38,000. Good job, guys.
The fixes include patches for use-after-free flaws, out-of-bounds write flaws and an integer overflow.
List of patches and bounties
Here’s the full list of patches and the associated bounties for the high and medium severity flaws fixed in Chrome 57.0.2987.98.
[$7500] High – CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka.
[$5000] High – CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang.
[$3000] High – CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari – Project Srishti.
[$3000] High – CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek.
[$3000] High – CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$3000] High – CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado.
[$3000] High – CVE-2017-5036: Use after free in PDFium. Credit to Anonymous.
[$1000] High – CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent’s Xuanwu Lab (xlab.tencent.com).
[$500] High – CVE-2017-5039: Use after free in PDFium. Credit to jinmo123.
[$2000] Medium – CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han.
[$1000] Medium – CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chance.
[$1000] Medium – CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum.
[$1000] Medium – CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy.
[$1000] Medium – CVE-2017-5038: Use after free in GuestView. Credit to Anonymous.
[$1000] Medium – CVE-2017-5043: Use after free in GuestView. Credit to Anonymous.
[$1000] Medium – CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet’s FortiGuard Labs.
[$500] Medium – CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire).
[$500] Medium – CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa.
Other new features
Chrome 57 is not just about security fixes. The update is also bringing a bunch of improvements for better web content delivery.
First up is WebAssembly support. WebAssembly is a new way of delivering web app code in a compact form that loads and runs faster than before. This new system is set to revolutionize the web by allowing increasingly complex applications like 3D video gaming and media editing suites to run in browsers.
Another new feature is CSS Grid Layout support, an easier way for developers to arrange web content by using grids that can scale with the size of a screen.
On the mobile side, Chrome for Android gets upgraded with the new Media Session API that will introduce custom feature-rich media notifications. Additionally, Chrome web apps can now also be added to the Android home screen or app drawer via the improved “Add to Home screen” feature, and full-screen video can now lock the screen orientation based on its aspect ratio.
Chrome 57 is rolling out to Windows, Mac and Linux systems over the next few days.
How to update Chrome
Google Chrome can be set to automatically update with new versions that include the most recent security patches.
If you’re using a computer: Just close and reopen your Chrome browser. Or, click the Chrome menu, which looks like three horizontal lines in the far upper-right corner of the screen >> Update Google Chrome >> Relaunch.
If you don’t see Update Google Chrome, don’t worry. That means you either have the most up-to-date version or the update has not rolled out to your system yet.
The latest version is Chrome 57.0.2987.98.