The stable channel has been updated to 57.0.2987.133 for Windows, Mac, and Linux. This will roll out over the coming days/weeks.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$9337] Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
[$3000] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
[$1000] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
[$N/A] High CVE-2017-5056: Use after free in Blink. Credit to anonymous
[$N/A] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.