
Google Chrome update includes 37 patches, two for high-risk vulnerabilities


With the release of Chrome 48.0.2564.82, Google has promoted Chrome 48 to the stable channel for Linux, Mac and Windows and provided 37 patches, two of which fix high-risk vulnerabilities, according to a Jan. 20 blog post.

Those two bugs (CVE-2016-1612, which pertained to a bad cast in V8, and CVE-2016-1613, which involved a use-after-free in PDFium) plus six others were identified by external researchers. Each of the two high-risk vulnerabilities yielded the researchers who discovered them $3,000.

The other six were medium-level bugs and pertained to origin confusion in Omnibox, URL spoofing, history sniffing with HSTS and CSP, an out-of-bounds read in PDFium, and an information leak and a weak random number generator, both involving Blink.

The remaining bugs were discovered by Google's internal security team, with one, CVE-2016-1620, involving various fixes from internal audits, fuzzing and other initiatives, Google said.
