Google closes critical vulnerability in Chrome 2
Less than two weeks after the last vulnerabilities were closed, Google has released version 126.96.36.199 of Chrome 2, a security update fixing another critical vulnerability in its web browser based on Apple’s open source WebKit browser application framework. The cause of the vulnerability is a buffer overflow when processing certain responses from HTTP servers. A specially crafted response from a server could be used to crash the browser, or allow an attacker to remotely execute arbitrary code. Further details of the vulnerability, however, are currently being withheld until "a majority of users are up to date with the fix". In addition, the developers also addressed two network issues, however, they are not security related.
Users that currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button. According to a recent joint study by Google Switzerland and the ETH (Swiss Federal Institute of Technology) in Zurich, automatically updating without requiring user confirmation is the most successful way to ensure a high rate of distribution of the latest release and consequently a low number of vulnerable browsers.
- Stable, Beta update: Security fix, security advisory from Google.