Google Fixes Four Critical Vulnerabilities in Latest Chrome Build

Google pushed out the latest version of Chrome Thursday afternoon, fixing five issues, four of them critical.

The update remedies an out-of-bounds read in Chrome’s open source JavaScript engine V8, two use-after-free vulnerabilities – one in Navigation and one in Extensions – and a buffer overflow in the libANGLE library.

The V8 vulnerability fetched Wen Xu, a researcher with Tencent KeenLab, $7500, while the other bugs netted the two additional researchers, credited as anonymous, a total of $10,500.

Fresh from last week’s Pwn2Own competition in Vancouver, JungHoon Lee, a.k.a. lokihardt, was credited for finding the buffer overflow vulnerability, but according to Google’s release update, it doesn’t appear he was awarded a bounty for his discovery. Lee attempted to demonstrate a code execution attack on Chrome on the competition’s second day, but his attempt failed.

Hackers with 360Vulcan Team partially broke Chrome on Pwn2Own’s first day by demonstrating a successful code execution attack against the browser in the SYSTEM context. Since the vulnerability had previously been reported to Google, they only received partial credit. It’s unclear when the Chrome bug, an out-of-bounds bug which the team chained together with two Flash vulnerabilities and a Windows Kernel vulnerability, will be fixed.

Google also says it fixed a handful of minor bugs in this version of Chrome that were found by its own internal security team, including multiple vulnerabilities in V8.

The full list of fixes and CVE numbers for the update, which graduates the browser to version 49.0.2623.108 for Windows, Mac, and Linux, is as follows:

  • [$7500] [594574] High CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
  • [$5500] [590284] High CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
  • [$5000] [590455] High CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
  • [595836] High CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
  • [597518] CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33)
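A practical follow-up to a list like this is checking whether the browsers in an environment are actually at or above the fixed build. The helper below is an added example, not code from the article or from Google: it parses Chrome's four-part version string and compares it numerically against 49.0.2623.108, then reports which hosts in a constructed inventory still need the update and which of the CVEs named above apply to them. The hostnames and the installed versions in the inventory are made up for the demonstration.

```python
"""Version check against the fixed Chrome build named in the article.

Added example (not from the article or from Google). The inventory at the
bottom is constructed sample data, not real hosts.
"""
from typing import Dict, List, Tuple

FIXED_BUILD = "49.0.2623.108"  # build number reported in the article

# CVEs the article lists as fixed in this build (bug ids and rewards omitted)
FIXED_CVES = {
    "CVE-2016-1646": "Out-of-bounds read in V8",
    "CVE-2016-1647": "Use-after-free in Navigation",
    "CVE-2016-1648": "Use-after-free in Extensions",
    "CVE-2016-1649": "Buffer overflow in libANGLE",
    "CVE-2016-1650": "Various fixes from internal audits, fuzzing and other initiatives",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version ("49.0.2623.108") into a 4-tuple of ints.

    Components are compared numerically, so "49.0.2623.108" sorts above
    "49.0.2623.87" (a plain string comparison would get this wrong because
    "1" < "8"). Missing trailing components count as zero; anything that is
    not 1-4 numeric components raises ValueError.
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_patched(installed: str, fixed: str = FIXED_BUILD) -> bool:
    """True if `installed` is the fixed build or any later build."""
    return parse_version(installed) >= parse_version(fixed)


def unpatched_hosts(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each host still below the fixed build to the CVEs it is exposed to.

    `inventory` is {hostname: installed Chrome version}.
    """
    return {
        host: sorted(FIXED_CVES)
        for host, installed in inventory.items()
        if not is_patched(installed)
    }


# Constructed inventory for the demonstration (hostnames and versions invented)
SAMPLE_INVENTORY = {
    "ws-01": "49.0.2623.87",   # same branch, earlier build: needs the update
    "ws-02": "49.0.2623.108",  # exactly the fixed build
    "ws-03": "50.0.2661.75",   # later major version
    "ws-04": "48.0.2564.116",  # older major version: needs the update
}

if __name__ == "__main__":
    for host, cves in unpatched_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: update required ({', '.join(cves)})")
```

Running the script as-is reports `ws-01` and `ws-04`. The comparison is only meaningful for builds on the same release train or later ones; a host that has not yet been offered the update will simply show up as unpatched until it gets it.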

Last week the company announced that it was adding a download protection bypass bounty to its Security Reward Program for any methods that bypass Chrome’s Safe Browsing download protection. The company acknowledged that since it introduced its highest reward, $50,000, it hasn’t had a successful submission, and that it was upping that reward to $100,000.

Discussion

  • BT7474 on

    Belarc Advisor for a while stated that I had 3 critical security errors, which I reduced to 2 critical security errors. Adobe's website has always been virtually completely useless in solving problems. I would prefer if there was a link on Belarc Advisor's website that quickly solved the solution. In the past, one person for Adobe stated that Adobe should solve the problem, but all they did was provide a table of useless information instead of links that solve the security flaws. Simultaneously, there was also a problem with Windows 10's Windows Update, which was corrupted, but now together with the Belarc Advisor's critical security faults have been solved, which is about time.
  • BT7474 on

    I forgot to say that I use Google Chrome, which wasn't updating Adobe flash upgrades (I think it was) properly. Ironically, Microsoft's Window Explorer Browser was probably working properly. I can't remember if Firefox was working properly, but definitely, Chrome was a security risk for a long period. I am just relieved that the present security flaws are fixed. Based on past experience it probably won't be long for the next security risk to appear with Chrome.
