Google's Chrome Browser Vulnerable


Recommended Posts

7 May 2009, 10:41

Google's Chrome browser vulnerable

Google has released security update 1.0.154.64 for its Chrome browser, which is aimed at fixing two security vulnerabilities. The first of these is an error when processing bitmap data in the render process. By manipulating information on the number of pixels, it is apparently possible to overwrite memory. Attackers could exploit this to inject and execute code with the user's privileges. Since, according to Google, the data for this must originate from the render process itself, an attacker would have had to first manipulate this via another vulnerability. Despite this, Google classifies the problem as critical.

The second vulnerability is in Google's Skia 2D graphics library. An integer multiplication checking bug can reportedly be exploited to provoke an integer overflow, either crashing a browser tab or executing code in the Chrome sandbox. Visiting a crafted web page with JavaScript and Canvas elements is sufficient to exploit the vulnerability. Google classifies this as high risk."

Full details here: Heise security - http://www.h-online.com/security/Google-s-...e--/news/113231

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...