Google issues security update to Android and Chrome

Google issues security update to Android and Chrome [Image: xijian via iStock]

Google has issued security patches for its Android mobile operating system and Chrome internet browser, which have eliminated a number of vulnerabilities.

In a security bulletin, Android said it was being patched in order to avoid users suffering from “a critical security vulnerability in Media Framework that could enable a remote attacker using a specially crafted file to cause memory corruption during media file and data processing”.

The company did add, however, that it has had no reports of any active customer exploitation on the back of these newly reported issues.

Among the components Android patched was the bluetooth, which had a security flaw that could have seen a local malicious app gaining access to data outside of its permission levels.

Libraries, media framework and the system user interface were also patched. This will prevent attackers causing memory corruption during file processing and “executing arbitrary code within the context of an unprivileged process”.

It comes as Google has announced it is increasing the amount it pays to third-party researchers who responsibly disclose bugs in the Android system. The Android Security Rewards programme was established in 2015 and pays an average of $2,150 (£1,664) per reward.

Google has also updated its Chrome browser for Windows, macOS and Linux. It features patches for 30 security vulnerabilities. At least 16 of those were reported by third-party researchers.

The update wasn’t focused purely on security, however. It upgraded Chrome’s JavaScript, which has allowed for faster page loading while using less memory. Google said that Chrome now loads web pages between ten and 20 per cent faster than it previously did. It also features full support for animated PNG files, which has brought it in line with Apple’s iMessage and Mozilla’s Firefox apps.