Version 54.0.2840.99 of Google Chrome was released yesterday. It fixes 3 reported vulnerabilities as well as other issues discovered internally by Google. Unfortunately, at this time the severity of these vulnerabilities is unknown, but based on the bounty rewards it is possible that at least 2 of them could lead to remote code execution.

Google Chrome 54.0.2840.99

According to the release notes for this version:

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$5500][643948] High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta

[$5000][658114] High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han

[$1000][660678] Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [662843] CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives

It is strongly advised that everyone update Chrome as soon as possible.

To update Chrome, simply click on the Settings menu button, click on Help, and then select About Chrome. Chrome will then check for updates and install them. A restart of Chrome will be required to fully finish the upgrade.
