Google Updates Chrome, Fixes Three High Severity Issues

Google pushed out the latest version of its flagship browser Chrome on Tuesday, fixing three high severity bugs in the process.

The update graduates the browser to version number 49.0.2623.87 for Windows, Mac, and Linux, according to a post on Google’s Chrome Releases blog this week.

Two of the bugs, a type confusion vulnerability and a use-after-free vulnerability, affect Blink, a rendering engine that falls under the Chromium umbrella.

Blink, a feature that Google forked from WebKit back in 2013, is constantly patched by the Chrome team. A trio of use-after-free bugs and a same-origin bypass vulnerability that fetched researcher Mariusz Mlynski $8,000 were fixed in the engine last week.

Developers fixed a bug dug up by a researcher working with HP’s Zero Day Initiative, an out-of-bounds write in Chrome’s open source PDF rendering engine PDFium this week as well.

Two of the three bugs qualified for rewards under their bug bounty program:

[$5000][589838] HighCVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer.
[$3500][590620] HighCVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
[587227] HighCVE-2016-1645: Out-of-bounds write in PDFium. Credit to anonymous working with HP’s Zero Day Initiative.

Per usual, users seeking an entire list of fixes can review Chrome’s changelog.