Malware, Patch/Configuration Management, Vulnerability Management

Security holes in nascent Google Chrome patched

Google's new Chrome browsers has been updated for several security flaws, two of which it classified as critical.

The fixes include a buffer overflow vulnerability in handling long file names that display in the “Save As... dialog.” That is, if a user saves a web page with a long title, a hacker could take over control of the PC and run malicious code.

The second critical flaw arises when the browser handles link targets displayed in the status area when the user hovers over a link, which lead to execution of arbitrary code.

Other fixes include one for an out-of-bounds memory read when parsing URLs ending with “:%,” and a change to make it impossible to have the desktop as the default directory, mitigating the risk of cluttering the desktop with unwanted downloads, some of which could be malicious.

Google Chrome users are being automatically updated; Google said automatic updates are a feature of the browser to ensure safety.

The update did not include a patch for the "carpet bomb" vulnerability disclosed by researcher Aviv Raff -- the same flaw that was once present in Apple's Safari browser.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.