Version 54.0.2840.99 of Google Chrome was released yesterday that fixes for 3 reported vulnerabilities as well as other issues discovered internally by Google. Unfortunately, at this time the severity of these vulnerabilities is unknown, but based on the bounty reward it is possible that at least 2 of them could possibly lead to remote code execution.
According to the release notes for this version,
This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$5500][643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta
[$5000][658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
[$1000][660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
[662843] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives
It is strongly advised that everyone update Chrome as soon as possible.
To update Chrome, simply click on the Settings menu button (
), click on Help, and then select About Chrome. Chrome will then check for updates and install them. A restart of Chrome will be required to fully finish the upgrade.
Comments
Mike_Walsh - 7 years ago
Thanks for the reminder, Lawrence. Appreciated.
'Puppy' users are now up-to-date, on Linux version 54.0.2840.100.
Cheers!