
Google fixes Chrome critical flaw, researcher snags $25K


An anonymous researcher picked up a $25,633 bug bounty for discovering a critical vulnerability in Chrome (CVE-2016-1629), which Google has now patched in version 48.0.2564.

While Google won't release details of the bug until the majority of users have had time to update, the company noted that it was a “same-origin bypass in Blink and Sandbox escape in Chrome.”

Google said it “will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.”

Earlier this year, with the release of Chrome 48.0.2564.82, Google promoted Chrome 48 to the stable channel for Linux, Mac and Windows.
