
Google Chrome 149 Fixes 429 Security Flaws, Including 22 Critical Vulnerabilities
The impact on Google Chrome’s security from advances in AI continues to be felt, and the latest browser update shows just how hard the AI vulnerability detection shockwave is hitting. The latest update, which takes Chrome to version 149.0.7827.53/54, includes fixes for no fewer than 429 security vulnerabilities, of which 22 carry a Common Vulnerabilities and Exposures severity rating of critical. While some of these were discovered and disclosed by external security researchers, or bug bounty hunters if you prefer, the vast majority are credited to Google itself. There can be no doubt that Google’s internal security AI tooling is uncovering previously hidden security issues at some pace.
The good news is that these security vulnerabilities have all been fixed with the release of Chrome 149.0.7827.53/54 on the Linux, Mac and Windows platforms, and none are known to have been used by attackers as so-called zero-day exploits before the update was disclosed. The Chrome update will be heading your way soon, but you can manually force the update to be on the safe side, and I will explain how in a moment.
Google Chrome Fixes 22 Critical Security Vulnerabilities, $209,000 In Bounties Awarded To Researchers
Security researchers continue to do good work uncovering hidden vulnerabilities in the Chrome codebase, and some will use AI to aid their discoveries. They will also, however, use their experience and technical skills to provide proofs of concept for these discoveries. Proof that such bug bounty prowess is not dead yet comes in the fact that these human hackers received a staggering $209,000 in reward payments for the flaws disclosed in the latest update. The biggest of these, $97,000, went to an anonymous researcher for a critical-rated out-of-bounds read and write vulnerability in Chrome’s ANGLE component. This was followed by a payment of $43,000 to, and yes, this is the credited hacker identity, c6eed09fc8b174b0f3eebedcceb1e792, for a use-after-free vulnerability, also critical, in the Network component.



