After about a month of testing in the beta channel, Google has released a significant update to the Chrome browser for Windows, Mac and Linux. The update brings the browser to version 48 (48.0.2564.82 for those keeping score at home) and comes with a long list of security fixes and improvements. In total, there are 37 fixes in this update to the browser and users of Chrome are encouraged to get the update quickly. You can always let your Chrome browser find the update on its own or you can force the issue by going to menu>Settings>About and it will force your install to go look for an update.
A blog update on the Chrome blog is expect soon to highlight all of the changes.
In total, there were 2 high priority fixes and 5 medium priority items highlighted in the announcement from the Chrome team. Here they are along with credit for the person or organization that uncovered them.
[$3000] High CVE-2016-1612: Bad cast in V8. Credit to cloudfuzzer.
] High CVE-2016-1613: Use-after-free in PDFium. Credit to anonymous.
] Medium CVE-2016-1614: Information leak in Blink. Credit to Christoph Diehl.
] Medium CVE-2016-1615: Origin confusion in Omnibox. Credit to Ron Masas.
] Medium CVE-2016-1616: URL Spoofing. Credit to Luan Herrera.
] Medium CVE-2016-1617: History sniffing with HSTS and CSP. Credit to jenuis.
] Medium CVE-2016-1618: Weak random number generator in Blink. Credit to Aaron Toponce.
] Medium CVE-2016-1619: Out-of-bounds read in PDFium. Credit to Keve Nagy.
Those dollar amounts to the left are the bounty that those individuals or organizations will receive for their efforts. Google is quite clear that they will pay for help in keeping their browser and apps secure and here is the proof of it.
One thing to note in this release. As of now it is not clear it if includes the new algorithm that will reportedly improve web page loading times by up to 28%. I have personally updated my Chrome browser on my Windows 10 machine this morning but I have not noted any difference in load times. If it is confirmed I will update this post.