
Google fixes severe Chrome flaws

by Phil Muncaster

26 Aug 2009

The Chrome flaws could lead to remote code execution

Google has been forced to release new security fixes for multiple high severity vulnerabilities in its Chrome browser which could lead to an attacker taking over a victim's PC remotely.

The fixes, which were issued as part of the Chrome 2.0.172.43 update sent automatically to users, address two flaws rated 'high severity' and one rated 'medium risk', according to a security advisory posted by Google engineering programme manager Jonathan Conradt.

The first, CVE-2009-2935, involves a flaw in the V8 JavaScript engine which could allow "specially-crafted JavaScript on a web page to read unauthorised memory, bypassing security checks".

"It is possible that this could lead to disclosing unauthorised data to an attacker, or allow an attacker to run arbitrary code," wrote Conradt. "An attacker might be able to run arbitrary code within the Google Chrome sandbox."

The other vulnerability, CVE-2009-2416, could lead to pages using XML causing a Google Chrome tab process to crash, said the firm.

"A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected," read the advisory.

Google stressed, however, that Chrome's sandbox feature prevented the vulnerabilities from being rated 'critical'.
