Chrome Update Fixes Three ‘High’ Severity Vulnerabilities

Google updated Chrome on Tuesday, fixing three high severity bugs in the process.

Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process.

The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week.

Two of the bugs, a type confusion vulnerability and a use-after-free vulnerability, affect Blink, a rendering engine that falls under the Chromium umbrella.

Blink, a feature that Google forked from WebKit back in 2013, is constantly patched by the Chrome team. A trio of use-after-free bugs and a same-origin bypass vulnerability that fetched researcher Mariusz Mlynski $8,000 were fixed in the engine last week.

Developers fixed a bug dug up by a researcher working with HP’s Zero Day Initiative, an out-of-bounds write in Chrome’s open source PDF rendering engine PDFium this week as well.

Two of the three bugs qualified for rewards under their bug bounty program:

[$5000][589838] High CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer.
[$3500][590620] High CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
[587227] High CVE-2016-1645: Out-of-bounds write in PDFium. Credit to anonymous working with HP’s Zero Day Initiative.

Per usual, users seeking an entire list of fixes can review Chrome’s changelog.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.