Google to patch vulnerabilities in Chrome

By

Google Chrome's Stable channel has been updated to version 1.0.154.64 to fix two security issues that were discovered by internal Google testing.

It claimed that the patch, named CVE-2009-1441, would mean that a failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user.

 

To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process. Google has rated this vulnerability as critical.

 

A vulnerability was also patched that would allow an attacker to be able to run arbitrary code within the Google Chrome sandbox. This vulnerability has been rated as high, as a victim would need to visit a page under an attacker's control, and any code that an attacker might be able to run inside the renderer process would be inside the sandbox.

 

See original article on scmagazineus.com


Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?