Google's Chrome gets a security patch

By Jeremy Kirk, IDG News Service |  Security, Chrome, Google Add a new comment

September 08, 2008, 9:42 AM A Vietnamese security company has found a critical vulnerability in Google's new browser Chrome, but Google has already released patch for that problem and at least one more.

The vulnerability is one of several problems identified in the browser since it was released early last week. The bug is a buffer overflow that occurs if a user saves a Web page containing an overly long "title" tag, according to Bach Koa Internetwork Security (Bkis), based at the Hanoi Institute of Technology.

The browser can encounter a problem trying to save a file with the name contained in the overly long title tag. An attacker could then have control of the PC and could execute other code on the machine, Bkis wrote on its blog. The problem can be exploited on PCs running Windows XP SP2 and Chrome version 0.2.149.27.

Chrome users are advised to upgrade to the latest version. To do that, go to the wrench icon in the upper right hand corner of the browser and down to "About Google Chrome." The browser will then check for an update. If there is one, Chrome will download it and ask to restart. The up-to-date version is 0.2.149.29.

Although Google has been working on Chrome for two years, it still considers the browser a beta version. The company was using the browser internally among its employees for some time, but its surprise unveiling last week set the browser loose to the general public in more than two dozen languages.

Last week, researcher Aviv Raff wrote that Chrome had a vulnerability due to its use of an outdated version of WebKit web browser engine. The vulnerability is know as the "carpet bombing" flaw, which can cause Windows to download a potentially dangerous JAR (Java archive) and execute it without warning users. Google has also fixed that flaw, a company spokesman said Monday.

The second problem identified shortly after Chrome's release could allow hackers to force Chrome to crash. That vulnerability, found by security researcher Rishi Narang, could be exploited by constructing a malicious link of a certain format, according to Narang's advisory.

    Add a comment

    Post a comment using one of these accounts
    Or join now
    At least 6 characters

    Note: Comment will appear soon after you have activated your account.
    Obscene/spam comments will be removed and accounts suspended.
    The information you submit is subject to our Privacy Policy and Terms of Service.

    ITworld LIVE

    SecurityWhite Papers & Webcasts

    White Paper

    Overcome Top 7 Admin Challenges of Active Directory

    As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.

    White Paper

    Insiders Can Ruin Your Company. Take Action.

    Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.

    White Paper

    Top Solutions and Tools to Prevent Devastating Malware

    Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.

    White Paper

    Streamline Compliance and Increase ROI

    Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.

    White Paper

    X-Ray of the PCI Process-4 Proactive Steps

    This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.

    See more White Papers | Webcasts

    Answers - Powered by ITworld

    ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

    Join Now

    New questions

    How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
    2 answers
    What can be done to control noise levels in data centers?
    1 answer
    What mobile apps are the worst offenders to user privacy?
    2 answers
    What are the main advantages/disadvantages of a hybrid cloud model vs. the public cloud?
    2 answers
    How do you bill for independent sales reps in a company IT contract?
    2 answers
    View more questions

    Ask a question

    Join Now or Sign In to ask a question.
    Ask a Question