Patch/Configuration Management, Vulnerability Management

Google patches Chrome 49 vulnerabilities

Google released a patch on Thursday for vulnerabilities affecting the latest version of Chrome for Windows, Mac, and Linux, including several high-risk issues.

One of the most significant flaws, a high-severity vulnerability (CVE-2016-1646), caused an out of bounds read affecting the V8 JavaScript engine. The flaw was discovered by Wen Xu at Tencent KeenLab.

A high-severity vulnerability (CVE-2016-1649), a buffer overflow flaw affecting libANGLE, was discovered by South Korean security researcher Jung Hoon Lee (lokihardt), working through Hewlett-Packard's Zero Day Initiative, during HP's Pwn2Own hacking competition.

Anonymous researchers discovered two other high-severity flaws (CVE-2016-1647 and CVE-2016-1648). The vulnerabilities are use-after-free bugs that affect Chrome's navigation and extensions, respectively.

Google's internal team discovered bugs related to V8 (4.9.385.33) and another (CVE-2016-1650) affecting internal audits, fuzzing and other initiatives.

Several of the vulnerabilities were discovered through the AddressSanitizer, MemorySanitizer, Control Flow Integrity or LibFuzzer tools, according to Google's security update.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.