Security Patches for Chrome 50
Monday, May 16, 2016 @ 06:05 PM gHale
Google released security patches for Chrome 50, fixing five vulnerabilities in the web browser.
The update comes two weeks after Google mitigated nine issues in Chrome 50. The browser initially released in the stable channel on April 14. Six of those nine bugs came from external researchers.
The five security flaws patched in the new Chrome 50 release ended up discovered by external researchers and Google awarded them $20,337 in bug bounties.
Since its initial release in the stable channel, Chrome 50 resolved 34 vulnerabilities, including 19 issues reported by external researchers, earning them over $50,000 in bug bounties.
The first two of the newly patched High severity flaws in the browser came from Mariusz Mlynski and included a same origin bypass issue in DOM (CVE-2016-1667), which brought the researcher $8,000. An origin bypass bug in Blink V8 bindings (CVE-2016-1668), netted Mlynski $7,500. The third was a buffer overflow flaw in V8 (CVE-2016-1669), reported by Choongwoo Han who netted $3,000.
As for the two Medium risk issues resolved in the application, a race condition bug in loader (CVE-2016-1670) earned an anonymous researcher a $1,337 bug bounty, while a directory traversal flaw using the file scheme on Android (CVE-2016-1671) ended up discovered by Jann Horn and awarded a $500 bug bounty.
Following the update, the Chrome browser has reached version 50.0.2661.102 and is now available for download for Windows, Mac, and Linux computers.