Users of the Chrome browser for Windows, MacOS and Linux will want to grab the latest update rolling out. Chrome Build 53 has been pushed out by the Chromium team and with it comes a whole host of fixes, security patches and updates. Specifically, the build is version 53.0.2785.89 for those keeping score at home, and it contains 13 high priority updates amongst the total of 20 updates. Many of those fixes address heap overflows and spoofing issues, which the Chromium team has closed thanks to the help of contributors globally. If you are running Chrome on your desktop, go to chrome://help and it will automatically start downloading the update for you. Remember that you will need to restart the browser for the new version to take effect.
As with most major updates, the Chromium team has listed the issues fixed in the release along with the bounty paid to those who discovered and reported them.
[$7500] High CVE-2016-5147: Universal XSS in Blink. Credit to anonymous
[$7500] High CVE-2016-5148: Universal XSS in Blink. Credit to anonymous
[$7500] High CVE-2016-5149: Script injection in extensions. Credit to Max Justicz (http://web.mit.edu/maxj/www/)
[$5000] High CVE-2016-5150: Use after free in Blink. Credit to anonymous
[$5000] High CVE-2016-5151: Use after free in PDFium. Credit to anonymous
[$5000] High CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$3500] High CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen of OUSPG
[$3000] High CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous
[$3000] High CVE-2016-5155: Address bar spoofing. Credit to anonymous
[$3000] High CVE-2016-5156: Use after free in event bindings. Credit to jinmo123
[$TBD] High CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous
[$TBD] High CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$TBD] High CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go of Stealien
[$n/a] Medium CVE-2016-5161: Type confusion in Blink. Credit to 62600BCA031B9EB5CB4A74ADDDD6771E working with Trend Micro’s Zero Day Initiative
[$n/a] Medium CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic
[$3000] Medium CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch PTCL Etisalat (http://rafayhackingarticles.net)
[$2000] Medium CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous
[$1000] Medium CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal
[$TBD] Medium CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal
[$500] Low CVE-2016-5160: Extensions web accessible resources bypass. Credit to @l33terally, FogMarks.com (@FogMarks)
While there is plenty to be happy about with build 53 on the desktop, for Chrome OS users, the release of the browser has a slightly different meaning. Chrome Build 53, when it does come to Chrome OS, will enable Android apps on the platform across a wide range of Chromebooks and other Chrome devices. With the browser being released, it is a good indicator that the Chrome OS release isn’t far behind.