Latest Chrome Update Addresses Two High-Severity Vulnerabilities

Google updated Chrome to version 50.0.2662.75, patching 20 vulnerabilities, including two high-severity bugs that qualified for rewards.

Google on Wednesday pushed its third Chrome update since the beginning of March, patching a pair of high-severity vulnerabilities in the browser.

Yesterday’s update brings Chrome to version 50.0.2662.75 and patches 20 vulnerabilities, according to the Google Chrome Releases blog.

Eight of the bugs qualified for a reward under Google’s bug bounty program; the remaining dozen were found internally.

Two of the flaws were rated “High” severity by Google: one was a cross-site scripting flaw credited to an unnamed researcher, and the other an out-of-bounds write flaw in V8 found by Choongwoo Han, a South Korean researcher and student at the Korea Advanced Institute of Science and Technology. The two bugs earned rewards of $7,500 and $5,000 respectively.

Following is a complete list of vulnerabilities that earned rewards:

[$7500][590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.

[$5000][589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.

[591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP’s Zero Day Initiative.

[$1500][589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.

[$1500][582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.

[$500][570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.

[$1000][567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.

[$500][573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.

On March 25, Google pushed out an update that addressed a number of flaws in Chrome disclosed during the Pwn2Own contest earlier in the month.
