Peaches Posted May 7, 2009 Report Share Posted May 7, 2009 7 May 2009, 10:41Google's Chrome browser vulnerable Google has released security update 1.0.154.64 for its Chrome browser, which is aimed at fixing two security vulnerabilities. The first of these is an error when processing bitmap data in the render process. By manipulating information on the number of pixels, it is apparently possible to overwrite memory. Attackers could exploit this to inject and execute code with the user's privileges. Since, according to Google, the data for this must originate from the render process itself, an attacker would have had to first manipulate this via another vulnerability. Despite this, Google classifies the problem as critical.The second vulnerability is in Google's Skia 2D graphics library. An integer multiplication checking bug can reportedly be exploited to provoke an integer overflow, either crashing a browser tab or executing code in the Chrome sandbox. Visiting a crafted web page with JavaScript and Canvas elements is sufficient to exploit the vulnerability. Google classifies this as high risk."Full details here: Heise security - http://www.h-online.com/security/Google-s-...e--/news/113231 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.