Google released the Chrome 52 web browser this week, which fixes 48 security vulnerabilities.
Of the fixes, there were 11 high risk vulnerabilities, along with six medium severity issues.
The most important of the patched vulnerabilities was a sandbox escape in Pepper Plugin API (PPAPI), the cross-platform API for Native Client-secured web browser plugins. Google classified the vulnerability, discovered by Pinkie Pie who earned $15,000, as high risk.
Another high risk hole was a URL spoofing on iOS. Researcher xisigr of Tencent’s Xuanwu Lab found the vulnerability and picked up a $3,000 bounty.
The remaining nine high severity flaws include a use-after-free in extensions, a heap-buffer-overflow in sfntly, same-origin bypass in Blink, use-after-free in Blink, same-origin bypass in V8, memory corruption in V8, URL spoofing, and use-after-free in libxml.
Fixes for all of the security issues are in the Chrome 52.0.2743.82 release.