Three critical vulnerabilities in Google Chrome fixed
Google has released version 4.1.249.1064 of its Chrome browser for Windows to correct three critical vulnerabilities. The company had fixed seven vulnerabilities in its WebKit-based browser just a week ago.
According to reports, the new problems relate to a bug in the GURL library which allows attackers to circumvent the same origin policy. It's also possible to provoke a memory error using prepared fonts, or when processing HTML5 media data. The vulnerabilities might allow an exploit to inject and execute code.
As part of its Chromium Security Reward programme, Google paid out $1,000 for notification of the vulnerability in the GURL library. The new version is available for Windows 7, Vista and XP. The automatic update mechanism should install the update, alternatively installation can be initiated manually. However, the old version may, for a short period, still be distributed by download servers.
See also:
- Google closes vulnerabilities in Chrome 4 for Windows, a report from The H.
- Google fixes vulnerabilities in Chrome 4 for Windows, a report from The H.
- Google invites attacks on Chrome, a report from The H.
(crve)