Google has updated its Chrome browser yet again, this time fixing a high-risk vulnerability in the V8 JavaScript engine. That flaw is the only one that Google fixed in this update.
The vulnerability in the V8 engine is an out-of-bounds error that can cause a memory-corruption condition and lead to remote code execution. The researcher who discovered the bug, Christian Holler, received a $1,000 reward from Google for the report.
The company has been doing rolling updates for Chrome for some time now, and it’s not unusual for there to be several separate updates within a month or six week period. Google fixes vulnerabilities in the browser as they have the patches available, and it gives the company an advantage in terms of speed. The rolling patch schedule means that Google doesn’t have to wait for a monthly scheduled release, and neither do its users.
This is the second security update for Chrome in the last week, in fact. Last Thursday the company fixed seven vulnerabilities, including five high-risk ones. It’s rare for Google to release an update for Chrome to fix just a single bug, but given the ubiquity of JavaScript these days and its frequent use as an attack vector, the bug could be a serious one.
