Google to patch vulnerabilities in Chrome

By on

Google Chrome's Stable channel has been updated to version 1.0.154.64 to fix two security issues that were discovered by internal Google testing.

It claimed that the patch, named CVE-2009-1441, would mean that a failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user.

 

To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process. Google has rated this vulnerability as critical.

 

A vulnerability was also patched that would allow an attacker to be able to run arbitrary code within the Google Chrome sandbox. This vulnerability has been rated as high, as a victim would need to visit a page under an attacker's control, and any code that an attacker might be able to run inside the renderer process would be inside the sandbox.

 

See original article on scmagazineus.com

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?