Google's Chrome browser vulnerable
Google has released security update 18.104.22.168 for its Chrome browser, which is aimed at fixing two security vulnerabilities. The first of these is an error when processing bitmap data in the render process. By manipulating information on the number of pixels, it is apparently possible to overwrite memory. Attackers could exploit this to inject and execute code with the user's privileges. Since, according to Google, the data for this must originate from the render process itself, an attacker would first have had to manipulate the render process via another vulnerability. Despite this, Google classifies the problem as critical.
In addition to Chrome, Skia is also used in the Android operating system for mobile devices. It is not yet clear whether the vulnerability is also an issue for the mobile OS.
A Chrome update to fix multiple critical vulnerabilities was released around 2 weeks ago. Updates for Chrome are downloaded and installed via the automatic update function without further user interaction and become effective after restarting the browser. According to a recent study, automatically updating without requiring user confirmation is the most successful method for ensuring a high rate of uptake of the latest version and consequently a low number of vulnerable browsers.