Google updates Chrome security; withdraws crashing development browser

Share this article:
Security holes in nascent Google Chrome patched
Security holes in nascent Google Chrome patched

Google Chrome was updated Wednesday to fix two security issues in the WebKit web browser engine.

A memory corruption issue, labeled "Severity: High" by Google, existed in WebKit and could have caused arbitrary code execution in the Chrome sandbox, which is designed to run applications in restricted environments to prevent exploits, according to a post on the Google Chrome Releases blog.

Another security issue was manifest in WebKit's handling of "drag events," in which a user clicks on the mouse and drags it somewhere else before releasing, that could have led to the disclosure of information when content was moved over a maliciously crafted web page.

“An attacker might be able to read data belonging to another website, if a user can be convinced to select and drag data on an attacker-controlled site," said Mark Larson, Google Chrome program manager.

In a separate development, Google on Wednesday announced patches for security issues in a "dev version" of its Chrome browser. But Google withdrew the updates an hour later.

Google Chrome had been released to the development channel for Windows, Mac OS X, and Linux, according to an announcement on a Google Chrome Releases blog. But later it was withdrawn because it caused numerous crashes on testers' machines.

In a note posted on the blog, Larson said: “I'm stopping the update of this build. Apologies to those who've already got the update. We'll push a fix as soon as we can [on Thursday].”

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.