In association with heise online

21 April 2010, 11:25

Google closes vulnerabilities in Chrome 4 for Windows

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Chrome Logo Google has released version of Chrome for Windows, a security update that addresses four high risk vulnerabilities in its WebKit-based browser. These vulnerabilities are; a memory corruption issue in Chrome's V8 JavaScript Engine, type confusion errors with forums, cross-site scripting (XSS) vulnerabilities on the Chrome downloads page and HTTP request errors that could lead to possible cross-site request forgeries (XSRF).

The update also addresses three medium risk issues, a cross-site scripting bug, an issue that could cause pages to load with privileges of the New Tab page and a local file reference through developer tools. Further details of the vulnerabilities are being withheld until "a majority of users are up to date with the fix".

The first two high risk holes earned a developer going by the name of "kuzzcc" $500 each as part of Google's experimental Chrome Security Reward programme. Launched at the end of January, the programme is aimed at encouraging users to report vulnerabilities in its browser. Subject to committee decision, the standard $500 reward for each bug may be increased up to $1,337 for special cases and particularly critical issues.

More details about the update can be found in a post by Google Engineering Manager Mark Larson on the Google Chrome Releases Blog. Chrome for Windows is available to download for Windows XP, Vista and Windows 7. Users that currently have Chrome 4 installed can update using the built-in update function by clicking 'Tools', selecting 'About Google Chrome' and clicking the 'Update' button.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit