Google fixes Chrome critical flaw, researcher snags $25K

An anonymous researcher picked up a $25,633 bug bounty for discovering a critical vulnerability in Chrome (CVE-2016-1629), which Google has now patched in version 48.0.2564.

While Google won't release details of the bug until the majority of users have had time to update, the company noted that it was a “same-origin bypass in Blink and Sandbox escape in Chrome.”

Google said it “will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.”

Earlier this year, with the release of Chrome 48.0.2564.82, Google promoted Chrome 48 to the stable channel for Linux, Mac and Windows.
