Chrome Browser Sees Its Monthly Security Update Release

The regular monthly security update to the Chrome browser has been released with over a dozen different security fixes. The updated build is version 51.0.2704.79 for those keeping score at home, and it is rolling out now to those who have the browser installed on a Windows PC, Mac or Linux device. If you have the browser installed, you can wait for the OTA to come to you, or you can go to Menu>Settings>About>, which will force the update to happen. You'll need to restart Chrome once you have the update installed.

In all, there are 15 security flaws that are addressed in this release. Of those, seven were found by external sources, which are listed below along with the bounty Google paid for finding the flaws.

  • [$7500][601073] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous.
  • [$7500][613266] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [$4000][603725] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
  • [$3500][607939] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal.
  • [$1500][608104] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
  • [$1000][608101] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
  • [$1000][609260] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.

As is normally the case, the full details of everything fixed in this release have not been published by the Chromium team. They generally wait until a significant number of users have updated so that the flaws are not exploited. Further, this update only pertains to the Chrome browser. Chrome OS, which will have the same update, will likely be updated over the course of the next several days.