Stable Channel Update for Chrome OS

The Stable channel 53.0.2785.144 (Platform version: 8530.93.0) has been released for all Chrome OS devices. This build contains a number of bug fixes, security updates and a kernel key version update in the TPM. Systems will be receiving updates over the next several days.

Security Fixes:

This update includes these security fixes. Special note and congratulations to an anonymous security researcher for an excellent Pwnium entry: a chain of exploits that gains code execution in guest mode across reboots, delivered via web page. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future.

[$100,000][648971] Persistent code execution on Chrome OS. Credit to anonymous.

• [649039] High CVE-2016-5179: Incorrect validation of writes to paths on stateful partition
• [649040] Critical CVE-2016-5180: Heap overflow in c-ares
  Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.

If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using 'Report an issue…' in the Chrome menu (3 vertical dots in the upper right corner of the browser).

Ketaki Deshpande
Google Chrome