Google Patches Chrome Holes

Wednesday, March 30, 2016 @ 10:03 AM gHale


Google updated Chrome 49 in order to patch several vulnerabilities.

Chrome 49.0.2623.108 resolves five vulnerabilities, four of which ended up identified and reported by external researchers.

RELATED STORIES
Firefox 45 Browser Fixes 40 Holes
Google Released Chrome 49
Firefox Update Fixes Flaws
Chrome Expands Safe Browsing

Two of the issues, credited to “anonymous,” ended up described as high severity use-after-free vulnerabilities in Navigation and Extensions. The researcher or researchers who reported the flaws to Google earned $5,500 and $5,000, respectively.

Another high severity vulnerability is an out-of-bounds read in the V8 JavaScript engine for which Wen Xu from Tencent KeenLab earned $7,500.

At the Pwn2Own 2016 competition, JungHoon Lee (lokihardt) attempted to demonstrate a code execution exploit against Chrome. The attempt failed, but the researcher identified a high severity buffer overflow in libANGLE. Google’s advisory credits Lee for finding the flaw.

The latest Chrome update also patches multiple vulnerabilities found by Google’s own security team.