Google closes vulnerability in Chrome 3
Google has released version 3.0.195.24 of Chrome 3, a security update that addresses a high risk vulnerability in its WebKit-based browser. A bug in the implementation of
dtoa()
used by Chrome's V8 JavaScript engine to parse strings into floating point numbers can be exploited by an attacker to execute arbitrary code. The vulnerability is reportedly contained to the Chrome sandbox. According to Google, for an attack to be successful, a "victim would need to visit a page under an attacker's control".
Users that currently have Chrome installed can update using the built-in update function by clicking 'Tools', selecting 'About Google Chrome' and clicking the 'Update' button.
See also:
- Stable Channel Update, security advisory from Google.
(crve)