Google just released patches for CVE-2017-5070 and 29 other flaws in Chrome in the latest stable version of the browser, Chrome 59.0.3071.86. Google paid out $23,500 to external researchers for their findings.
Chrome 59.0.3071.86: CVE-2017-5070 and Other Fixed Vulnerabilities
Google has fixed three address spoofing flaws in the latest version of its browser, and several more since last September. Attackers have used these flaws to trick users into visiting suspicious websites, even ones packed with malware.
Google was quite thorough in releasing the details of the vulnerabilities, which were grouped into high, medium, and low severity.
Google to Introduce Native Ad-Blocker to Chrome in 2018
The update doesn’t include a fix for a hack that enables attackers to automatically download malicious files to a victim’s computer in order to steal credentials and launch SMB relay attacks. This flaw stems from the way Chrome and Windows itself handle .SCF files. Google is supposedly preparing a fix for the issue.
As for the near future, Google is currently working on a new ad-blocker for Chrome that should be introduced next year. According to the Wall Street Journal, the new feature will be turned on by default and will block ads from showing up on websites that provide a bad advertising experience for users.