For those of you who use Google Chrome as your browser on your PC, Mac or Linux box, there is a new update to the browser that brings a handful of security updates. The new build is version 50.0.2661.102 for those keeping score at home and it is out now for you to update. To force the issue, go to the menu then go to Settings>About. That’ll force Chrome to go look for the update, download it and it will be applied for you after a restart of the browser.
As for what is addressed in the update, there are five updates in total, three of which were marked as high issues. Here is the list and the bounties that were paid for finding the defects.
Google Chrome for Windows
[$8000][605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
[$7500][605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
[$3000][606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
[$1337][578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
[$500][586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android.Credit to Jann Horn.
The gory details of what all is fixed hasn’t been released by the Chromium team yet per their normal process. They generally don’t release the details until a high percentage of users have downloaded the update.
You can read all the release notes for this update on the Chromium Blog.
