Security holes in nascent Google Chrome patched

Share this article:
Security holes in nascent Google Chrome patched
Security holes in nascent Google Chrome patched

Google's new Chrome browsers has been updated for several security flaws, two of which it classified as critical.

The fixes include a buffer overflow vulnerability in handling long file names that display in the “Save As... dialog.” That is, if a user saves a web page with a long title, a hacker could take over control of the PC and run malicious code.

The second critical flaw arises when the browser handles link targets displayed in the status area when the user hovers over a link, which lead to execution of arbitrary code.

Other fixes include one for an out-of-bounds memory read when parsing URLs ending with “:%,” and a change to make it impossible to have the desktop as the default directory, mitigating the risk of cluttering the desktop with unwanted downloads, some of which could be malicious.

Google Chrome users are being automatically updated; Google said automatic updates are a feature of the browser to ensure safety.

The update did not include a patch for the "carpet bomb" vulnerability disclosed by researcher Aviv Raff -- the same flaw that was once present in Apple's Safari browser.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.