Google Fixes 12 High-Severity Vulnerabilities In Chrome Browser

Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems.

Released Thursday, Chrome version 55.0.2883.75 for Windows, Mac, and Linux fixes those security issues. It also introduces a number of new features to the browser to enhance the way it handles panning gestures and to support CSS automatic hyphenation.

The United States Computer Emergency Readiness Team (US-CERT) issued an alert around the Chrome update on Thursday in conjunction with Google, detailing a list of 26 bug bounty payments totaling $70,000 paid to external researchers. According to Google, another 10 security fixes were tackled by Google itself.

Topping the list of vulnerabilities are a dozen “high” severity issues. Five of the flaws are tied to universal cross-site scripting vulnerabilities in Chrome’s Blink component, a web browser engine developed as part of the open-source web browser project Chromium Project.

Security researcher Mariusz Mlynski earned $22,500 for finding three of the high-severity bugs tied to cross site scripting errors in Blink. The Polish researcher found similar flaws in May, earning him $15,000.

Four other high-severity vulnerabilities are tied to Google’s problem-plagued Chrome default PDF viewer, called PDFium. The flaw, described by Google in June, had put users at risk if they were enticed to view a specially crafted PDF document with an embedded jpeg2000 image within the default PDF viewer. Google did not disclose specifics of this most recent PDFium vulnerability in Thursday’s update.

Two more high-severity vulnerabilities are tied to Chrome’s V8 JavaScript engine. One of the flaws is described as a “private property access in V8” vulnerability. The other V8 issue is a use after free vulnerability in V8. There were nine reported medium-severity flaws, two of which are related to Chrome’s Omnibox (address bar) which hackers in the past have been able to use to spoof addresses.

The high and medium-severity bugs that earned bounties are:

[$N/A]HighCVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360

[$7,500]HighCVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski

[$7,500]HighCVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski

[$7,500]HighCVE-2016-5206: Same-origin bypass in PDFium. _Credit to Rob Wu _

[$7,500]HighCVE-2016-5205: Universal XSS in Blink. Credit to Anonymous

[$7,500]HighCVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski

[$5,000]HighCVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN

[$3,000]HighCVE-2016-5203: Use after free in PDFium. Credit to Anonymous

[$3,500]HighCVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB

[$3,000]HighCVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani

[$3,000]HighCVE-2016-5211: Use after free in PDFium. Credit to Anonymous

[$500]HighCVE-2016-5213: Use after free in V8. Credit to Khalil Zhani

[$N/A]MediumCVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR

[$3,000]MediumCVE-2016-5216: Use after free in PDFium. Credit to Anonymous

[$3,000]MediumCVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang

[$2,500]MediumCVE-2016-5217: Use of unvalidated data in PDFium. _Credit to Rob Wu _

[$2,000]MediumCVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)

[$1,500]MediumCVE-2016-5219: Use after free in V8. _Credit to Rob Wu _

[$1,000]MediumCVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure

[$1,000]MediumCVE-2016-5220: Local file access in PDFium. _Credit to Rob Wu _

[$500]MediumCVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent’s Xuanwu Lab