Chrome 48 Fixes 37 Vulnerabilities
Friday, January 22, 2016 @ 02:01 PM gHale
The Chrome 48 browser released amid a flurry of security fixes.
Two of the 37 patched flaws, CVE-2016-1612 and CVE-2016-1613, rated a high risk.
One vulnerability was a bad cast flaw in V8, reported by “cloudfuzzer,” while the other was a use-after-free bug in PDFium, which came in from anonymous researcher, said Google’s Krishna Govind in a blog post.
The two vulnerabilities earned the two researchers $3,000 apiece.
There were six other vulnerabilities reported by external researchers and all came in as a medium risk.
One was CVE-2016-1614, an information leak in Blink, and earned researcher Christoph Diehl $2,000.
The remaining five flaws earned the researchers $500 each.
Google said Chrome 48 patches various other security flaws reported via internal audits, fuzzing and other initiatives.
One of those flaws ended up rated critical, 14 rated high, 10 medium and two low. Google’s internal team also discovered multiple vulnerabilities in V8.
The new Chrome release, version 48.0.2564.82, is now available for download for Windows, Mac, and Linux users.
In addition to security patches, the updated browser release also comes with a series of improvements, Google said.