Chrome OS Sees a Minor But Important Security Update Roll Out

If you remember Monday of this week, there was a minor update to the Chrome browser for Windows, Mac and Linux that rolled out.  It was the second month in a row that a mid-stream update had happened on the browser and it was specifically aimed at addressing some security flaws.  Now, as expected, the updated version of Chrome OS has started to roll out to devices with that same update.  The version you are looking for is build 49.0.2623.111 (Platform version: 7834.66.0/7834.67.0) and it is for all Chrome devices.

There are no details on what is contained in the update in the post made by Google on the release.  It only states that “bug fixes” were addressed.  If, however, we look at the Chrome browser

Chrome OS
Chrome OS

update, you can probably guess safely that the same updates are in the OS version too.  Here is the list of the major bugs addressed in the browser update as a refresher.

[$7500][594574] High CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.

[$5500][590284] High CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.

[$5000][590455] High CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.

[595836] High CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
In addition to the bug fixes, whatever those happen to be, there is also a new build of Adobe Flash in this update to the OS.  That new version is which also contains some security updates.
Systems will get the updated version of Chrome OS over the course of the next few days but you can always force the update by going to Settings>About Chrome OS and have it check for an update.