This article is more than 1 year old

Google crushes five bad bugs with patch run and $20k in bounties

Follows Flash, Microsoft fixes.

Google has slung patches at vulnerabilities in its Chrome browser for Windows, Mac, and Linux.

The patches repair five known security holes found and reported by external researchers.

Google paid US$20,337 (£17,875, A$27,789) in bug bounties to researchers who reported the bugs.

Software quality assurance engineer Krishna Govind says the latest stable channel update to version 50.0.2661.102 .

"We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel," Govind says.

Govind says it finds many bugs through tools AddressSanitiser, MemorySanitiser, Control Flow Integrity, and LibFuzzer.

  • [$8000][605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
  • [$7500][605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
  • [$3000][606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
  • [$1337][578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
  • [$500][586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

The fixes follow patch runs at Adobe and Microsoft, including an emergency update to close a zero-day Flash hole that is being exploited by attackers. ®

More about


Send us news

Other stories you might like