Google updates Chrome security; withdraws crashing development browser

Share this article:
Security holes in nascent Google Chrome patched
Security holes in nascent Google Chrome patched

Google Chrome was updated Wednesday to fix two security issues in the WebKit web browser engine.

A memory corruption issue, labeled "Severity: High" by Google, existed in WebKit and could have caused arbitrary code execution in the Chrome sandbox, which is designed to run applications in restricted environments to prevent exploits, according to a post on the Google Chrome Releases blog.

Another security issue was manifest in WebKit's handling of "drag events," in which a user clicks on the mouse and drags it somewhere else before releasing, that could have led to the disclosure of information when content was moved over a maliciously crafted web page.

“An attacker might be able to read data belonging to another website, if a user can be convinced to select and drag data on an attacker-controlled site," said Mark Larson, Google Chrome program manager.

In a separate development, Google on Wednesday announced patches for security issues in a "dev version" of its Chrome browser. But Google withdrew the updates an hour later.

Google Chrome 3.0.187.0 had been released to the development channel for Windows, Mac OS X, and Linux, according to an announcement on a Google Chrome Releases blog. But later it was withdrawn because it caused numerous crashes on testers' machines.

In a note posted on the blog, Larson said: “I'm stopping the update of this build. Apologies to those who've already got the update. We'll push a fix as soon as we can [on Thursday].”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.