"Google has released Chrome version 49.0.2623.87 to address multiple vulnerabilities for Windows, Mac, and Linux," the bulletin reads. "Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system."The US-CERT advisory also provides a link to the Chrome Releases page, where a post announces that the stable channel has been updated to 49.0.2623.87 for Windows, Mac, and Linux. Google goes on to state that it retains the right to not publish links or other information regarding the bugs until most users have had a chance to implement the fix. The Mountain Valley-based company does reveal, however, that the security issues consist of a type confusion vulnerability in Blink, a use-after-free bug in Blink, and an out-of-bounds flaw in PDFium. External researchers contributed all of the security bugs, each of which is estimated at a "High" severity level. Two of the researchers received cash bounties for their discoveries, while the third has accepted credit as an anonymous researcher working for HP's Zero Day Initiative.
"The reason for this is to protect our users," reads an October 2015 post from Google's Devlin Cronin. "We've heard too frequently that many users are unaware of the extensions they have installed, whether this is due to sideloading, installation by phishing, or simply the user forgetting how many and which are installed. Unfortunately, extensions consume computing resources, and may have significant security, privacy, and performance impacts. Because of this, we've decided we need to increase user visibility."Google's updates also fell on the same date as this month's Patch Tuesday, for which Microsoft released 13 security bulletins. To read a detailed analysis of these releases, please click here.