The Stable channel has been updated to 57.0.2987.137 (Platform version: 9202.60.0) for all Chrome OS devices except AOpen Chromebase Mini, AOpen Chromebox Mini, Google Chromebook Pixel (2015), ASUS Chromebook Flip C100PA, Samsung Chromebook Plus. This build contains a number of bug fixes, security updates, and feature enhancements. A list of changes can be found here. Systems will be receiving updates over the next several days.
Security Fixes:
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$3000][699166] High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
[$1000][662767] High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
[$N/A][705445] High CVE-2017-5056: Use after free in Blink. Credit to anonymous
[$N/A][702058] High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).
Ketaki Deshpande
Google Chrome