In association with heise online

11 February 2010, 11:39

Google fixes vulnerabilities in Chrome 4 for Windows


Google has released version of Chrome for Windows, a security update that addresses three high-risk vulnerabilities in its WebKit-based browser. The high-risk vulnerabilities include a bug when processing the <ruby> tag and two integer overflow issues: one in Chrome's V8 JavaScript Engine and another when deserialising Chrome sandbox messages. The update also addresses two medium-risk issues, one of which can lead to the leak of a redirection target in iframes and another related to domain confusion when populating the HTTP authentication dialogue. Further details of the vulnerabilities are being withheld until "a majority of users are up to date with the fix".

The "domain confusion" issue was discovered by Timothy D. Morgan of Virtual Security Research (VSR), making him the first person to receive a cash reward for finding and reporting a bug in Google's web browser. Morgan chose to donate his $500 bug report award to the Haiti relief effort, and because of this Google raised the donation to $1,337.

Google launched the experimental Chrome Security Reward programme at the end of last month to encourage external security researchers to report vulnerabilities in its browser. Subject to committee decision, the standard $500 reward for each bug may be increased up to $1,337 for special cases and particularly critical issues.

More details about the update can be found in a post by Chrome Program Manager Anthony Laforge on the Google Chrome Releases Blog. Chrome for Windows is available to download for Windows XP, Vista and Windows 7. Users who currently have Chrome 4 installed can update using the built-in update function by clicking 'Tools', selecting 'About Google Chrome' and clicking the 'Update' button.
