Google Chrome Version 53.0.2785.143 m has been released that patched 2 remote code execution vulnerabilities. Remote code execution vulnerabilities are considered critical as it could allow attackers and malicious web sites to remotely execute any command they wish on an affected computer.
According to the release notes for this version,
This update includes these security fixes. Special note and congratulations to an anonymous security researcher for an excellent Pwnium entry: a chain of exploits that gains code execution in guest mode across reboots, delivered via web page. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Due to the severity of the security vulnerabilities, it is advised that every update Chrome as soon as possible.
To update Chrome, simply click on the Settings menu button, click on Help, and then select About Chrome. Chrome will then check for updates and install them. A restart of Chrome will be required to fully finish the upgrade.
According to the release notes for this version,
This update includes these security fixes. Special note and congratulations to an anonymous security researcher for an excellent Pwnium entry: a chain of exploits that gains code execution in guest mode across reboots, delivered via web page. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future.
[$100,000][648971] Persistent code execution on Chrome OS. Credit to anonymous.
[649039] High CVE-2016-5179: Incorrect validation of writes to paths on stateful partition.
[649040] Critical CVE-2016-5180: Heap overflow in c-ares.
[649039] High CVE-2016-5179: Incorrect validation of writes to paths on stateful partition.
[649040] Critical CVE-2016-5180: Heap overflow in c-ares.
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
Due to the severity of the security vulnerabilities, it is advised that every update Chrome as soon as possible.
To update Chrome, simply click on the Settings menu button, click on Help, and then select About Chrome. Chrome will then check for updates and install them. A restart of Chrome will be required to fully finish the upgrade.
No comments:
Post a Comment