
Critical-risk vulnerabilities patched
Published: 9 September 2008 08:35 GMT
Google has revealed details of two critical-risk vulnerabilities in its Chrome browser and some lesser issues it says are now fixed.
The critical patches relate to buffer overrun vulnerabilities that could have let a remote attacker execute arbitrary software on a Chrome user's computer, said Mark Larson, a Google Chrome programme manager, in a mailing list posting yesterday.
Security A to Z
From antivirus to zero-day, click here for silicon.com's alphabetical guide to security. ![]()
The first patch fixed a vulnerability in handling long file names, called the SaveAs vulnerability, and the second a vulnerability in dealing with the website addresses displayed in Chrome's status area when the user hovers over a link.
Larson also established a Google Chrome Releases blog for announcements and release notes relating to Chrome. The company had said earlier it was working on a way to release that information, in part after people requested such notes well after Google started automatically updating Chrome browsers without saying exactly what was in the update.
Google also fixed two lesser security issues. First was an issue where typing "about:%" in the address bar could crash the computer. The problem also meant a web page with that text as a hyperlink could crash the browser if a user hovered the mouse pointer over the link. Second was to prevent the user's desktop from being the default download directory to mitigate "the risk of malicious cluttering of the desktop with unwanted downloads, which can lead to executing unwanted files", Larson said.
Other fixes addressed non-security issues: a JavaScript problem with Facebook; a problem suggesting search terms while using various websites; and some data-transfer issues with the Safe Browsing mode.
Original article: Google reveals Chrome security patch details from CNET News.com
The role of the Check Team Leader is to undertake technical health and vulnerability It is essential for this role to be a certified CHECK Team ...
Excellent internet skills in using various browsers and search engines Knowledge of browser quirks and variations SEO and SEM understanding and ...
Role: Monitor security policy compliance by conducting periodic audits and approved penetration tests.Be able to assess internal and external scan ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy