Update Your Chrome Browser to the Latest Version "Chrome 55": 36 Security Vulnerabilities Patched

If you are a Chrome user, update to the latest version, “Chrome 55”. On Monday, Google released this update to patch 36 security vulnerabilities. In this update, Google has also disabled the popular Adobe Flash plugin by default. Of the 36 vulnerabilities, 26 were discovered by external security researchers. Google paid around $75,000 in bounties to these researchers. Of these 36 security vulnerabilities, 12 were considered high-risk, 9 were rated medium, and 5 were considered low-risk by Google.

List of High-Risk Vulnerabilities

CVE-2016-9651 (Private Property Access in V8)

Discovered by Guang Gong, who did not receive a bounty.

CVE-2016-5208 (Universal XSS in Blink)

Discovered by Mariusz Mlynski, who received a $7500 bounty.

CVE-2016-5207 (Universal XSS in Blink)

Discovered by Mariusz Mlynski, who received a $7500 bounty.

CVE-2016-5206 (Same Origin Bypass in PDFium)

Discovered by Rob Wu, who received a $7500 bounty.

CVE-2016-5205 (Universal XSS in Blink)

Discovered by Anonymous, who received a $7500 bounty.

CVE-2016-5204 (Universal XSS in Blink)

Discovered by Mariusz Mlynski, who received a $7500 bounty.

CVE-2016-5209 (Out of Bounds Write in Blink)

Discovered by Giwan Go, who received a $5000 bounty.

CVE-2016-5203 (Use After Free in PDFium)

Discovered by Anonymous, who received a $3000 bounty.

CVE-2016-5210 (Out of Bounds Write in PDFium)

Discovered by Ke Liu (Tencent’s Xuanwu Lab), who received a $3500 bounty.

CVE-2016-5212 (Local File Disclosure in DevTools)

Discovered by Khalil Zhani, who received a $3000 bounty.

CVE-2016-5211 (Use After Free in PDFium)

Discovered by Anonymous, who received a $3000 bounty.

CVE-2016-5213 (Use After Free in V8)

Discovered by Khalil Zhani, who received a $500 bounty.

List of Medium-Level Risk Vulnerabilities

CVE-2016-5214 (File Download Protection Bypass)

Discovered by MSVR and Jonathan Birch, who did not receive a bounty.

CVE-2016-5216 (Use After Free in PDFium)

Discovered by Anonymous, who received a $3000 bounty.

CVE-2016-5215 (Use After Free in Web Audio)

Discovered by Looben Yang, who received a $3000 bounty.

CVE-2016-5217 (Use of Unvalidated Data in PDFium)

Discovered by Rob Wu, who received a $2500 bounty.

CVE-2016-5218 (Address Spoofing in Omnibox)

Discovered by Abdulrahman Alqabandi, who received a $2000 bounty.

CVE-2016-5219 (Use After Free in V8)

Discovered by Rob Wu, who received a $1500 bounty.

CVE-2016-5221 (Integer Overflow in ANGLE)

Discovered by Tim Becker, who received a $1000 bounty.

CVE-2016-5220 (Local File Access in PDFium)

Discovered by Rob Wu, who received a $1000 bounty.

CVE-2016-5222 (Address Spoofing in Omnibox)

Discovered by xisigr (Tencent’s Xuanwu Lab), who received a $500 bounty.

List of Low-Risk Vulnerabilities

(Google did not pay any bounty to the researchers of these vulnerabilities)

CVE-2016-9650 (CSP Referrer disclosure)

Discovered by Jakub Zoczek

CVE-2016-5233 (Integer Overflow in PDFium)

Discovered by Hwiwon Lee

CVE-2016-5226 (Limited XSS in Blink)

Discovered by Jun Kokatsu

CVE-2016-5225 (CSP bypass in Blink)

Discovered by Scott Helme

CVE-2016-5224 (Same-origin bypass in SVG)

Discovered by Roeland Krak

Other Security Updates in Chrome 55

In this latest version of Chrome, HTML5 is the default experience and Google has disabled the Adobe Flash plugin by default. The user has to enable this plugin manually. Google did this to protect users from malicious websites that use Flash content out of the box. It is a good initiative by Google to improve user security.

Google has not disabled the Adobe Flash plugin permanently. If a user visits a site that requires the Adobe Flash plugin, they can enable it manually. This choice is remembered each time the user visits the same website again. Adobe Flash Player is a highly vulnerable plugin, so this step by Google will reduce the risk of browser hijacking, cookie-stealing attacks, adware installations, etc.

Some websites were showing an untrusted error when users visited them. These websites use SSL and TLS certificates from GeoTrust, Symantec and Thawte. This issue has been resolved by Google in Chrome 55.

Conclusion

Google has released “Chrome 55” to patch 36 security vulnerabilities, so update your browser as soon as possible. This update is available for Chrome users on Mac, Windows, and Linux operating systems. Don’t be lazy, because every piece of outdated software is always malware.