Google earlier this week updated the Chrome Stable channel to 16.0.912.77 for Windows, Mac, Linux and Chrome Frame, patching four privately reported vulnerabilities in its browser. How come only four, you ask, when the headline clearly mentions five? Actually the fifth was patched a couple of weeks back, but Google mistakenly failed to include it in the release notes.
The four bugs fixed this week all carry a “high” severity rating and were discovered using AddressSanitizer. The bugs are being kept private until a majority of Chrome users have updated to the latest stable build of the browser.
The fifth vulnerability, which was fixed during the last update but not included in the release notes, is the odd one out with a “critical” rating. A use-after-free vulnerability in Chrome’s Safe Browsing technology, it caused the browser to crash when the user refreshed the page on seeing the browser’s anti-malware warning. It was discovered by security researcher Chamal de Silva, who reported it to Google in December and earned a $3,133 bounty in the process.