Google has released Chrome 51.0.2704.79 to address multiple vulnerabilities for Windows, Linux, and OS X. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Ongoing internal security work was responsible for a wide range of patches, and this update includes a total of 15 security fixes. Here are the fixes contributed by external researchers:
- $7500 – High – CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to Anonymous.
- $7500 – High – CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- $4000 – Medium – CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu.
- $3500 – Medium – CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal
- $1500 – Medium – CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu.
- $1000 – Medium – CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu.
- $1000 – Medium – CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer.