The regular monthly security update to the Chrome browser has been released with over a dozen different security fixes. The update build is version 51.0.2704.79 for those keeping score at home and it is rolling out now to those who have the browser installed on their Windows PC, Mac or Linux device. If you have the browser installed, you can wait for the OTA to come to you or you can got to Menu>Settings>About> which will force the update to happen. You’ll need to restart Chrome once you have the update installed.
In all, there are 15 security flaws that are addressed in this release. Of those, seven were found by external sources which are listed below along with the bounty Google paid for finding the
- [$7500] High CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous.
- [$7500] High CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- [$4000] Medium CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
- [$3500] Medium CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal.
- [$1500] Medium CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
- [$1000] Medium CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
- [$1000] Medium CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.