Pierluigi Paganini September 23, 2017

Google has just released an updated version of Chrome 61, version 61.0.3163.100, that addresses 3 security flaws, two of which rated high-severity.

The new version is already available for Windows, Mac, and Linux users and includes a total of three vulnerabilities.

The first high-risk bug, tracked as CVE-2017-5121, is an Out-of-bounds access in V8 reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14.

The expert received a $ 7,500 reward under the Google bug bounty program.

The second high-risk vulnerability, tracked as CVE-2017-5122, is an Out-of-bounds access in V8 as well that was reported by Choongwoo Han of Naver Corporation on 2017-08-04.

The CVE-2017-5122 vulnerability was also awarded a $3,000 bounty.

According to Krishna Govind from Google, many vulnerabilities in Google solutions have been detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

To date, Google has already fixed 25 vulnerabilities (8 of them were assessed as High-severity issues) affecting different Chrome 61 releases, half of which were reported by external researchers.

Google already paid over $30,000 in bug bounty rewards to the external security researchers who discovered the vulnerabilities, the highest one was $7,500.

Pierluigi Paganini

(Security Affairs – Google Chrome, bug bounty)

[adrotate banner=”5″]

[adrotate banner=”13″]