Technology news and Jobs
Information Technology News
Google Chrome patched, but problems remain
by Davey Winder
Tuesday, 09 September 2008
That didn't take long. Google has announced an updated version of Chrome which fixes 'confirmed security vulnerabilities' amongst other things, but plenty of problems remain unsolved...

A posting to the Google Groups Chrome support forum has announced the availability of an update to the Chrome browser.
However, a little digging revealed that it is likely to be the buffer overflow problem that was identified by a Vietnamese security researcher on September 5th.

"We have just discovered vulnerability in Google Chrome 0.2.149.27" the Security Vulnerability Research Team at the Bach Khoa Internetwork Security (BKIS) outfit from the Hanoi University of Technology said. "This is the first Critical Chrome Vulnerability permitting hacker to perform a remote code execution attack and take complete control of the affected system. Based on Security Communities, there are 4 Chrome Vulnerabilities discovered, and the vulnerability which we announced is the only one that can cause remote attacks. Other vulnerabilities just can make Chrome crashed."

The team say that they submitted the vulnerability to Google, which confirmed it and assigned a verifier for build 0.2.149.28.

According to Le Duc Anh, the researcher responsible, the vulnerability is caused "due to a boundary error when handling the “SaveAs” function. On saving a malicious page with an overly long title (<title> tag in HTML), the program causes a stack-based overflow and makes it possible for attackers to execute arbitrary code."

A hacker could construct a web page with the malicious code, trick the Chrome user into visiting it, and get them to save the page, which would cause the malicious code to be executed.

Other problems fixed by the update include URLs containing ':%', which could cause Chrome to crash.

Unfortunately, as confirmed by posters to the support forum, other problems such as non-working trackpads remain. And, of course, the much written about WebKit blended threat vulnerability has not been fixed either.