Version 53.0.2785.143 m of Google Chrome was released today that fixes for 2 remote code execution vulnerabilities that were submitted to Pwnium. Remote code execution vulnerabilities are considered critical as it could allow attackers and malicious web sites to remotely execute any command they wish on an affected computer.
According to the release notes for this version,
This update includes these security fixes. Special note and congratulations to an anonymous security researcher for an excellent Pwnium entry: a chain of exploits that gains code execution in guest mode across reboots, delivered via web page. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future.
[$100,000][648971] Persistent code execution on Chrome OS. Credit to anonymous.
- [649039] High CVE-2016-5179: Incorrect validation of writes to paths on stateful partition
- [649040] Critical CVE-2016-5180: Heap overflow in c-ares
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Due to the severity of the security vulnerabilities, it is advised that every update Chrome as soon as possible.
To update Chrome, simply click on the Settings menu button (
), click on Help, and then select About Chrome. Chrome will then check for updates and install them. A restart of Chrome will be required to fully finish the upgrade.
Comments
userw6803 - 7 years ago
Chrome is such a responsible browser and fast. Thanks Chrome for updating so often!
robby501 - 7 years ago
Updated....thanks for the info!
jacklai - 7 years ago
Great! Chrome is greater day by day :)