Chrome build 61.0.3163.100 is now rolling out to desktop users of the browser on Windows, Mac and Linux. The update is purely a security fix and performance update with no noted new features.
The update addresses three security issues in the browser, two of which were discovered as part of Google’s continuing bounty program. Those fixes, including the reward given to the one who found it, is below.
- [$7500][765433] High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- [$3000][752423] High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
The other critical security issue found was found internally and no details were reported on it in the Release Notes.
As is normally the case, Google did not release a load of details on what was fixed other than the items above tracker item [767508]. That is for various fixes from internal audits, fuzzing and other initiatives.
To get the update, you can wait for the OTA update to come to your Windows PC, Mac or Linux box which should happen over the course of the next few days. If you want to force the issue, just type chrome://help in the browser ominbar and you can check for and apply the update immediately.
No Responses