The extensions API in Google Chrome before 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote malicious user to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.
Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems.
Released Thursday, Chrome version 55.0.2883.75 for Windows, Mac, and Linux fixes those security issues. It also introduces a number of new features to the browser to enhance the way it handles panning gestures and to support CSS automatic hyphenation.
The United States Computer Emergency Readiness ...