The Chrome web browser was updated to fix five vulnerabilities in the application.
Google rated one of the vulnerabilities as critical and the other four as high risk.
Chrome 57.0.2987.133 was released for Windows, Mac, and Linux users just weeks after version 57 moved into the stable channel. In addition to bringing several functionality improvements, the previous browser release made CSS Grid Layout available and included patches for 36 vulnerabilities.
The most severe bug fixed in the latest update is a critical use-after-free vulnerability in printing. CVE-2017-5055 was discovered by Wadih Matar, who earned a $9,337 bounty for the finding, according to Google’s advisory.
One of the high-risk flaws resolved in this release is a heap buffer overflow in V8 (CVE-2017-5054), discovered by Nicolas Trippar of Zimperium zLabs, who earned a $3,000 bounty. Another issue was a bad cast in Blink (CVE-2017-5052), found by JeongHoon Shin, who earned $1,000.
Another vulnerability was a use-after-free in Blink (CVE-2017-5056), discovered by a researcher who opted to remain anonymous. The final one was an out-of-bounds memory access in V8 (CVE-2017-5053), found by Team Sniper (Keen Lab and PC Mgr) and reported through ZDI (ZDI-CAN-4587). Google didn’t reveal the bounties paid for these two issues.