Google updated Chrome 49 in order to patch several vulnerabilities.
Chrome 49.0.2623.108 resolves five vulnerabilities, four of which ended up identified and reported by external researchers.
Two of the issues, credited to “anonymous,” ended up described as high severity use-after-free vulnerabilities in Navigation and Extensions. The researcher or researchers who reported the flaws to Google earned $5,500 and $5,000, respectively.
At the Pwn2Own 2016 competition, JungHoon Lee (lokihardt) attempted to demonstrate a code execution exploit against Chrome. The attempt failed, but the researcher identified a high severity buffer overflow in libANGLE. Google’s advisory credits Lee for finding the flaw.
The latest Chrome update also patches multiple vulnerabilities found by Google’s own security team.