The Chromium team has released Chrome build 51 for Windows and Mac, updating the browser with a significant number of bug fixes and security improvements. The updated build is version 51.0.2704.63 and it is available now for those of you who have the browser installed. To force the update, go to Menu>Settings>About and the browser will go and look for the update, download it and after you restart your the browser, will apply it. Do note Linux users, this update is not available to you just yet. The release notice from the Chromium team indicates that the Linux build will be coming out shortly.
The guts of this update to the browser are pretty significant. Overall there are 42 different fixes or security patches in this build. Nine of the fixes are considered high priority but, and a testament
to the ever evolving improvements to the security of Chrome, there are none that are considered critical.
Here is the rundown of fixes in this release, including the bounty paid for the issue and the finder of the issue.
[$7500] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
[$7500] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
[$7500] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
[$7500] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
[$4000] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
[$3500] High CVE-2016-1678: Heap overflow in V8. Credit to Christoph Diehl.
[$3500] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
[$3000] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
[$3000] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
[$1000] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to kingstonmailbox.
[$1000] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
[$1000] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
[$1000] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent’s Xuanwu LAB.
[$1000] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
[$1000] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
[$1000] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
[$1000] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
[$500] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
[$500] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
[$500] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to jackwillzac.
[$500] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester.
As with any of these types of updates, It is highly recommend that users update as soon as possible to protect themselves against any vulnerabilities, even if they are remote.