Google updated its Chrome browser’s stable channel to 43.0.2357.1430 for Windows, Mac and Linux on Monday.
The update addresses multiple vulnerabilities, and the company’s security team highlighted four of those patches in its blog post. Outside researchers discovered the bugs, two of which were deemed “high” severity.
CVE-2015-1266, for example, pertained to a scheme validation error in WebUI. The other high severity bug, CVE-2015-1268, is a cross-origin bypass in Blink. The validation error discovery netted an anonymous researcher $5,000.
Another cross-origin bypass in Blink was found, CVE-2015-1267, although that vulnerability was considered ‘medium’ severity.
A final bug, CVE-2015-1269, demonstrated a normalization error in the HSTS/HPKP preload list.
Google does not provide further details on vulnerabilities until a majority of users are updated with a fix.