Google releases Chrome 46, fixes 24 vulnerabilities

Google has promoted Chrome 46 to the stable channel for Windows, Mac and Linux – the update includes 24 security fixes, some of which are for high severity vulnerabilities.

Bugs discovered by external researchers were highlighted in a Tuesday post. The Chrome team paid out $8,837 to Mariusz Mlynski for identifying a critical cross-origin bypass in Blink, and an unnamed researcher was rewarded $6,337 for discovering a critical use-after-free in PDFium.

Other high severity vulnerabilities included a use-after-free in ServiceWorker identified by Collin Payne, who earned $3,500, and a bad-cast in PDFium discovered by Atte Kettunen of OUSPG, who earned $3,000.

The remaining vulnerabilities – information leakage in LocalStorage, improper error handling in libANGLE, memory corruption in FFmpeg, and a CORS bypass via CSS fonts – were deemed low to medium in severity, and each was worth $500 or $1,000.
