Google patches Chrome 49 vulnerabilities

Google released a patch for vulnerabilities affecting the latest version of Chrome for Windows, Mac, and Linux, including several high-risk issues.
Google released a patch for vulnerabilities affecting the latest version of Chrome for Windows, Mac, and Linux, including several high-risk issues.

Google released a patch on Thursday for vulnerabilities affecting the latest version of Chrome for Windows, Mac, and Linux, including several high-risk issues.

One of the most significant flaws, a high-severity vulnerability (CVE-2016-1646), caused an out of bounds read affecting the V8 JavaScript engine. The flaw was discovered by Wen Xu at Tencent KeenLab.

A high-severity vulnerability (CVE-2016-1649), a buffer overflow flaw affecting libANGLE, was discovered by South Korean security researcher Jung Hoon Lee (lokihardt), working through Hewlett-Packard's Zero Day Initiative, during HP's Pwn2Own hacking competition.

Anonymous researchers discovered two other high-severity flaws (CVE-2016-1647 and CVE-2016-1648). The vulnerabilities are use-after-free bugs that affect Chrome's navigation and extensions, respectively.

Google's internal team discovered bugs related to V8 (4.9.385.33) and another (CVE-2016-1650) affecting internal audits, fuzzing and other initiatives.

Several of the vulnerabilities were discovered through the AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer tools, according to Google's security update.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS