The Chromium team has released Chrome 49 for those who use the browser on Windows, Mac and Linux. The update, build 49.0.2623.75 for those keeping score at home, brings a long list of bug fixes and security improvements to the browser. It is highly recommend that if you are using the browser on your PC that you update as soon as possible. Updating can be doing by going to chrome://help and letting it automatically update for you. You’ll have to restart your browser once it is done but otherwise it is pretty straight forward.
The number of fixes in this update is pretty impressive, with a total count of 26 security fixes being addressed. Google, as is usually the case, is not disclosing all of the details around these issues until a sufficient number of users have upgraded to the latest build. Once that happens, details will be available on the Chromium site. Google did however highlight those fixes that were addressed by 3rd party companies or individuals and the bounty that was paid to them for finding it.
[$8000] High CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500] High CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
[$5000] High CVE-2016-1632: Bad cast in Extensions. Credit to anonymous.
[$3000] High CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer.
[$3000] High CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer.
[$2000] High CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu.
[$2000] High CVE-2016-1636: SRI Validation Bypass. Credit to email@example.com.
[$500] High CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann.
[$2000] Medium CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy.
[$1000] Medium CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu.
[$1000] Medium CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani.
[$1000] Medium CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera.
[$500] Medium CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
Again, more details can be found in the coming days on the Chromium site for those who are interested.
While no update was provided on when we can expect the 49 train to hit Android devices and Chrome OS, it is likely not far behind. If the past is any indicator, we will likely see update announcements come tomorrow or Friday on those platforms.