Google closes vulnerabilities in Chrome 3
Google has released version 126.96.36.199 of Chrome, a security update that addresses a high risk vulnerability in its WebKit-based browser. In addition to a number of stability fixes, the stable channel update fixes a bug that could lead to possible memory corruption in the Gears plug-in. For an attack to be successful, a victim would have to visit a site under the attackers control and give that site access to Gears. The attacker could then place the Gears SQL metadata into a bad state which, in turn would cause memory corruption that could cause the Gears plugin to crash or allow for arbitrary code execution.
More details about the release can be found in a post by Chrome Program Manager Anthony Laforge on the Google Chrome Releases Blog. Users that currently have a Chrome beta channel release installed can update using the built-in update function by clicking 'Tools', selecting 'About Google Chrome' and clicking the 'Update' button.
- Chrome adds Bookmark Sync, a report from The H.
- Chrome adds Native Client technology, a report from The H.
- Chrome adds new defence for cross-site scripting attacks, a report from The H.