5 Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters

2016-05-12T11:58:15
ID THREATPOST:F90747EF37D4E42BC2C82461C5048E8B
Type threatpost
Reporter Tom Spring
Modified 2016-05-19T19:03:30

Description

Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes – two of which are rated high severity. Google warned users of the vulnerabilities Wednesday as it released a new version, 50.0.2661.102, of the browser.

The Chrome security holes were found by four bug bounty hunters as part of Google’s Chromium Project and its bug bounty program. One of those bug bounty hunters was noted Polish security researcher Mariusz Mlynski who earned a total of $15,500 for identifying two Chrome browser security vulnerabilities.

One of the browser flaws (CVE-2016-1667) Mlynski found is rated high and described as a “same origin bypass in DOM” vulnerability. The flaw allows remote attackers to bypass the Same Origin Policy via unspecified vectors and is tied to Chrome’s Document Object Model (DOM) platform. The bug earned Mlynski a bounty of $8,000.

The second Mlynski bug (CVE-2016-1668) earned the researcher $7,500 and is described as a “Same origin bypass in Blink V8 bindings” vulnerability. This type of bug allows remote attackers to bypass the Blink Same Origin Policy via a crafted web site. “V8” refers to an open source JavaScript engine developed by the Chromium Project for Google Chrome.

Mlynski is a regular top performer at hacking competitions such as the Pwn2Own contest and is a prolific bug bounty hunter.

Security researcher Choongwoo Han earned $3,000 for finding a bug (CVE-2016-1669) that creates a buffer overflow in Chrome’s JavaScript engine (V8). This flaw is also classified as high and could allow a remote attacker to cause a denial of service against the targeted machine.

The remaining two medium risk vulnerabilities include a “race condition in loader” vulnerability (CVE-2016-1670) found by an anonymous bug hunter who earned $1,337 for the find. A second medium risk vulnerability (CVE-2016-1671) earned researcher Jann Horn $500 for a “directory traversal using the file scheme on Android.”

Google said it is refraining from releasing more details regarding the bugs until “a majority of users are updated with a fix.”