Google Patches 36 Vulnerabilities in Chrome 57
Google released its latest incremental milestone of the popular Chrome web browser on March 9, with Chrome 57.0.2987.98 made generally available in the stable channel for Windows, macOS and Linux users.
From a security perspective, Google is providing patches for at least 36 different vulnerabilities in Chrome 57, nine of which are rated as having a high impact.
18 of the flaws were publicly reported to Google by third-party researchers that are being rewarded for their efforts. In total, Google is awarding researchers $32,000 for security vulnerabilities that have now been patched in Chrome 57.
While $7,500 is the largest payout Google is making for Chrome 57, it's not the biggest reward the company has available for bugs. On March 2, Google announced it is increasing the amount it pays for Remote Code Execution flaws from $20,000 to $31,337.
Additional Bug Bounty Awards for Fixed Flaws in Chrome 57
The second biggest financial award for Chrome 57 is a $5,000 award going to researcher Looben Yang. Yang reported a use-after-free memory issue in the ANGLE (Almost Native Graphics Layer Engine) OpenGL web graphics library utilized by Chrome. In total, six different use-after-free memory issues are patched by Chrome 57, for a total financial award tally of $13,500.
In addition to the security fixes, Chrome 57 also provides users with a few incremental feature updates, though it's likely that only developers will notice them. Among the new features is support for the CSS Grid Layout specification, which helps web developers build more responsive web designs.
Like Mozilla's Firefox 52, which was released earlier this week, Chrome 57 now also provides support for WebAssembly, enabling developers to run near-native code inside of a browser.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.