Security holes in nascent Google Chrome patched

Share this article:
Security holes in nascent Google Chrome patched
Security holes in nascent Google Chrome patched

Google's new Chrome browsers has been updated for several security flaws, two of which it classified as critical.

The fixes include a buffer overflow vulnerability in handling long file names that display in the “Save As... dialog.” That is, if a user saves a web page with a long title, a hacker could take over control of the PC and run malicious code.

The second critical flaw arises when the browser handles link targets displayed in the status area when the user hovers over a link, which lead to execution of arbitrary code.

Other fixes include one for an out-of-bounds memory read when parsing URLs ending with “:%,” and a change to make it impossible to have the desktop as the default directory, mitigating the risk of cluttering the desktop with unwanted downloads, some of which could be malicious.

Google Chrome users are being automatically updated; Google said automatic updates are a feature of the browser to ensure safety.

The update did not include a patch for the "carpet bomb" vulnerability disclosed by researcher Aviv Raff -- the same flaw that was once present in Apple's Safari browser.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.

FilmOn accuses DoubleVerify of distributing malware

In readying a libel suit against DoubleVerify, FilmOn says it discovered that the firm deliberately distributed malware.

Schumer: Feds should do 'top to bottom' probe of online drug marketplaces

Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."