Google Pays Out $14K in Bug Bounties in Latest Chrome Update

Mihir :-)

Thread author
Yes, a fake Chrome update is out there circulating, but Google released a real one this week as well, with nine patches that earned combined bug bounties of $14,000.

The malware-delivering “update” is for Android, but the latest stable channel has been legitimately updated to 50.0.2661.94 for Windows, Mac and Linux. Four of the flaws are considered high-severity.

Though Google didn’t release all the details of the bugs (and won’t, until the majority of users have updated), it did list the topline information: The high-severity flaws were: Out-of-bounds write in Blink; memory corruption in cross-process frames; use-after-free in extensions; and use-after-free in Blink’s V8 bindings. These all earned $3,000 each for external researchers.

Meanwhile, medium-severity issues include address bar spoofing and an information leak in V8—these earned $1,000 each. In total, five researchers split the $14,000.

Google also fixed an additional three security bugs using internal resources (CVE-2016-1666) that included “various fixes from internal audits, fuzzing and other initiatives.”
