In association with heise online

01 October 2009, 09:19

Google closes vulnerability in Chrome 3

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Google Chrome Google has released version of Chrome 3, a security update that addresses a high risk vulnerability in its WebKit-based browser. A bug in the implementation of dtoa() used by Chrome's V8 JavaScript engine to parse strings into floating point numbers can be exploited by an attacker to execute arbitrary code. The vulnerability is reportedly contained to the Chrome sandbox. According to Google, for an attack to be successful, a "victim would need to visit a page under an attacker's control".

Users that currently have Chrome installed can update using the built-in update function by clicking 'Tools', selecting 'About Google Chrome' and clicking the 'Update' button.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit