Tuesday, August 25, 2009

Google fixes two critical Chrome flaws

Without much fanfare, Google has pushed out an update for Chrome that will seal up two vulnerabilities which could have posed a serious risk. The flaws, present in the V8 JavaScript engine that Chrome relies upon, could result in data compromise or even worse, total system compromise through code execution.

One flaw pertained to potentially fraudulent HTTPS sessions, and the more dangerous of the two could be triggered simply by visiting a maliciously-crafted page with certain XML content. Google has pushed out version 2.0.172.43 of Chrome already, making it available for download to anyone who uses Chrome. If you haven't updated already, it's a good idea to snag it.


Interestingly, Google is crediting how they discovered the flaws. Mozilla's security team was apparently responsible for alerting Google to one problem, and a security researcher was credited with discovering the other. That may be only a small note, but it is encouraging to see browser developers working together in some fashion.

1 komentar:

Post a Comment

  © Blogger templates ProBlogger Template by Ourblogtemplates.com 2008

Back to TOP