This week, Google released the latest stable update for its Chrome browser, addressing three high-priority security vulnerabilities. Version 49.0.2623.87 of Chrome is available now for Windows, Mac and Linux computers, and although Google isn’t willing to discuss the fixes in detail, a recent blog post explains the basics of the bugs.
CVE-2016-1643, the first of the three security issues, is a type confusion within Blink, which ZDNet describes as a rendering engine used by the Chrome browser. The researcher who discovered the vulnerability was rewarded $5,000.
CVE-2016-1644, the second issue, was also in Blink. This use-after-free vulnerability was a memory corruption problem which could have given hackers the ability to execute code on the browser remotely. The researcher behind this discovery, Atte Kettunen of the Oulu University Secure Programming Group, was granted $3,500.
CVE-2016-1645, the third and final flaw, was an out-of-bounds write issue in PDFium (Chrome’s PDF rendering engine). Google credits an anonymous researcher working with HP’s Zero Day Initiative for this discovery, but didn’t announce any sort of reward.
As long as you’ve closed and reopened your Chrome browser in the past couple of days, chances are that your browser has been automatically updated. But if you want to make sure, just tap the menu button in the top right corner of the browser, click Settings and then navigate to the About tab on the left-hand side of the screen.
If you see “Google Chrome is up to date,” then you’re good to go. Otherwise, the update should be in the process of downloading. Let it finish, then restart your browser. Now you’re safe from those vulnerabilities.