In association with heise online

28 April 2010, 16:13

Three critical vulnerabilities in Google Chrome fixed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Chrome Logo Google has released version 4.1.249.1064 of its Chrome browser for Windows to correct three critical vulnerabilities. The company had fixed seven vulnerabilities in its WebKit-based browser just a week ago.

According to reports, the new problems relate to a bug in the GURL library which allows attackers to circumvent the same origin policy. It's also possible to provoke a memory error using prepared fonts, or when processing HTML5 media data. The vulnerabilities might allow an exploit to inject and execute code.

As part of its Chromium Security Reward programme, Google paid out $1,000 for notification of the vulnerability in the GURL library. The new version is available for Windows 7, Vista and XP. The automatic update mechanism should install the update, alternatively installation can be initiated manually. However, the old version may, for a short period, still be distributed by download servers.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-989358
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit