Threat of the month: Chrome exploit
What is it?Various vulnerabilities and weaknesses in Google Chrome, which were successfully combined into two separate exploits and demonstrated to execute code outside the sandbox.
How does it work?The first exploit by a skilled Chrome researcher, Sergey Glazunov, combined a universal cross-site scripting vulnerability with a weakness in history navigation to execute code. The second, by a researcher using the handle “PinkiePie,” combined three separate vulnerabilities related to plug-in loading and corruption of GPU process memory.
Should I be worried?
As these exploits successfully combined multiple vulnerabilities to execute code, users should definitely be careful.
How can I prevent it?
Any system running a version of Chrome older than version 17.0.963.79 should be updated to protect against the vulnerabilities. As Chrome automatically updates to the latest version by default, most systems should already
be patched.
