September 09, 2008

Security holes in nascent Google Chrome patched

Security holes in nascent Google Chrome patched
Security holes in nascent Google Chrome patched

Google's new Chrome browsers has been updated for several security flaws, two of which it classified as critical.

The fixes include a buffer overflow vulnerability in handling long file names that display in the “Save As... dialog.” That is, if a user saves a web page with a long title, a hacker could take over control of the PC and run malicious code.

The second critical flaw arises when the browser handles link targets displayed in the status area when the user hovers over a link, which lead to execution of arbitrary code.

Other fixes include one for an out-of-bounds memory read when parsing URLs ending with “:%,” and a change to make it impossible to have the desktop as the default directory, mitigating the risk of cluttering the desktop with unwanted downloads, some of which could be malicious.

Google Chrome users are being automatically updated; Google said automatic updates are a feature of the browser to ensure safety.

The update did not include a patch for the "carpet bomb" vulnerability disclosed by researcher Aviv Raff -- the same flaw that was once present in Apple's Safari browser.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.