Breach, Compliance Management, Data Security, Privacy, Vulnerability Management

Google fixes Chrome critical flaw, researcher snags $25K

An anonymous researcher picked up a $25,633 bug bounty for discovering a critical vulnerability in Chrome (CVE-2016-1629), which Google has now patched in version 48.0.2564.

While Google won't release details of the bug until the majority of users have had time to update, the company noted that it was a “same-origin bypass in Blink and Sandbox escape in Chrome.”

Google said it “will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed.”

Earlier this year, with the release of Chrome 48.0.2564.82 Google promoted Chrome 48 into the stable channel for Linux, Mac and Windows.

Related

Online store of European Space Agency compromised

Intergovernmental space exploration body European Space Agency had its online shop compromised with a malicious script triggering a bogus Stripe payment page that sought to exfiltrate payment card details and other sensitive customer details, reports BleepingComputer.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

AnonymizationBritish Standard 7799Certificate-Based AuthenticationChain of CustodyChallenge-Handshake Authentication Protocol (CHAP)CipherCryptanalysisCyclic Redundancy Check (CRC)Data Loss Prevention (DLP)Digital Certificate

You can skip this ad in 5 seconds