With the release of Chrome 48.0.2564.82, Google has promoted Chrome 48 into the stable channel for Linux, Mac and Windows and provided 37 patches, two of which fix high-risk vulnerabilities, according to a Jan. 20 blog post.
Those two bugs (CVE-2016-1612, which pertained to a bad cast in V8, and CVE-2016-1613, which involved a use-after-free in PDFium) plus six others were identified by external researchers. Each of the two high-risk vulnerabilities yielded the researchers who discovered them $3,000.
The other six were medium-level bugs and pertained to origin confusion in Omnibox, URL spoofing, history sniffing with HSTS and CSP, an out-of-bounds read in PDFium, and an information leak and a weak random number generator, both involving Blink.
The remaining bugs were discovered by Google’s internal security team, with one, CVE-2016-1620, involving various fixes from internal audits, fuzzing and other initiatives, Google said.