Google Patches 36 Vulnerabilities in Chrome 57

Google released its latest incremental milestone of the popular Chrome web browser on March 9, with Chrome 57.0.2987.98 made generally available in the stable channel for Windows, macOS and Linux users.

From a security perspective, Google is providing patches for at least 36 different vulnerabilities in Chrome 57, nine of which are rated as having a high impact.

Eighteen of the flaws were publicly reported to Google by third-party researchers who are being rewarded for their efforts. In total, Google is awarding researchers $32,000 for security vulnerabilities that have now been patched in Chrome 57.

The single largest award is a $7,500 bounty going to researcher Brendon Tiszka for CVE-2017-5030, which is a memory corruption issue in the V8 JavaScript engine.

While $7,500 is the largest payout Google is making for Chrome 57, it’s not the biggest reward the company has available for bugs. On March 2, Google announced it is increasing the amount it pays for Remote Code Execution flaws from $20,000 to $31,337.

The V8 JavaScript engine is also being patched for a medium-severity information disclosure flaw identified as CVE-2017-5040, for which researcher Choongwoo Han is being awarded a $2,000 bounty.

Additional Bug Bounty Awards for Fixed Flaws in Chrome 57

The second biggest financial award for Chrome 57 is a $5,000 award going to researcher Looben Yang. Yang reported a use-after-free memory issue in the ANGLE (Almost Native Graphics Layer Engine) OpenGL web graphics library utilized by Chrome. In total, six different use-after-free memory issues are patched by Chrome 57, for a total financial award tally of $13,500.

In addition to the security fixes, Chrome 57 also provides users with a few incremental feature updates, though it’s likely that only developers will notice them. Among the new features is support for the CSS Grid Layout specification, which helps web developers build more responsive web designs.

Like Mozilla’s Firefox 52, which was released earlier this week, Chrome 57 now also provides support for WebAssembly, enabling developers to run near-native code inside of a browser.

Sean Michael Kerner is a senior editor at eSecurityPlanet. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
