Google closes vulnerabilities in Chrome 2
A vulnerability in WebKit can be exploited by an attacker to crash a tab or execute arbitrary code in Google Chrome due to a memory corruption issue in WebKit's handling of recursion in certain DOM event handlers. For an attack to be successful, a victim must first visit a maliciously crafted website. The malicious code, however, will be sandboxed, limiting the damage that an attacker can do when exploiting the vulnerability. Nonetheless, Google considers the vulnerability to be a high risk.
Google has released version 18.104.22.168, a security update, which fixes the problems. Apple also recently closed the vulnerabilities in its WebKit-based Safari web browser with the release of version 4.0 on June 8th.
The updates also address a vulnerability in WebKit's handling of drag events that could lead to the disclosure of sensitive information if content is dragged over a maliciously crafted web page. Users that currently have Chrome installed can use the built-in update function by clicking Tools, selecting About Google Chrome and clicking the Update button.
So far, neither Google nor Apple have advised which version of WebKit fixed the problems. The current nightly builds also seem to have fixed the issues. As several other browsers also use WebKit, updates should be released in the near future.
- Stable update: 2 WebKit security fixes, advisory from Google.
- Safari 4 addresses numerous security vulnerabilities, a report from The H.