Google Fixes a Critical Security Flaw in Chrome

Google said that it had recently patched a critical security vulnerability in its browser, Chrome. The new Chrome version 2.0.172.33 includes the patch for the vulnerability, which could enable hackers to launch a buffer overflow attack.

If the attack succeeds, it allows hackers to crash the browser and install malicious code on a targeted machine with the rights of the logged-on user.

According to Google, the hackers need to use a specially crafted response from a Hypertext Transfer Protocol (HTTP) server in order to exploit the vulnerability.

Besides, the new version of Chrome deals with two other security and stability issues, including browser crashes that users faced when loading some secure HTTPS sites.

The SSL tampering vulnerability is ranked high and could be used by an active network attacker to block a CONNECT request and reply to it. The attacker uses a non-200 response that contains malicious code. This code could then be executed in the context of the SSL-protected domain the victim requested.
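The client-side handling that closes off this kind of tampering, as an added example that is not from the original article or from Chrome's code: a proxy's reply to CONNECT arrives before any SSL handshake, so only a success status may open the tunnel and the body of any other reply is dropped rather than shown for the requested HTTPS site. The function and field names are hypothetical and the sample replies are constructed.

```python
# Added illustration; names are hypothetical, sample replies are constructed.
from dataclasses import dataclass


@dataclass
class ConnectResult:
    tunnel_established: bool
    status: int           # 0 when the status line could not be parsed
    discarded_body: int   # bytes of proxy-supplied body that were dropped
    error: str


def handle_connect_reply(raw: bytes) -> ConnectResult:
    """Decide what a client does with the bytes a proxy sent after CONNECT."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    # bytes.isdigit() accepts ASCII digits only, so int() below cannot fail.
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return ConnectResult(False, 0, len(body), "malformed proxy reply")
    status = int(parts[1])
    if 200 <= status < 300:
        # HTTP treats any 2xx as "tunnel open". Bytes after the header belong
        # to the SSL stream and are trusted only once the handshake has
        # authenticated the server, so nothing is discarded here.
        return ConnectResult(True, status, 0, "")
    # Any other status came in cleartext from the proxy hop, where an active
    # network attacker could have written it. Drop the body and report a
    # local error instead of attributing the content to the HTTPS site.
    return ConnectResult(False, status, len(body), f"proxy refused tunnel ({status})")


# Constructed sample replies
SAMPLE_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
SAMPLE_TAMPERED = (
    b"HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n"
    b"<html>constructed body from the network path</html>"
)
SAMPLE_GARBAGE = b"not an http reply\r\n\r\nbody"

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_TAMPERED, SAMPLE_GARBAGE):
        print(handle_connect_reply(sample))
```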

It is said that Google will give more information about the vulnerability once all Chrome users have patched their browsers. Chrome's internal security team is credited with discovering the flaw. Users who are already using Chrome can patch the vulnerability using the built-in updater by clicking on Tools, selecting About Google Chrome and then clicking on the Update button.

In general, browser security updates have become more common nowadays. This update is the second in two weeks to inform people that Google has updated its browser software.

Before this update, Google had released patches for two flaws on June 9, 2009 that involved the WebKit application framework used to power the open-source browser. If a user accessed a malicious website, hackers could execute code in the Chrome sandbox. There was one more flaw in WebKit's handling of drag events that could lead to the disclosure of sensitive data when content was dragged to a malicious web page.

According to a joint study by the ETH (Swiss Federal Institute of Technology) and Google Switzerland, automatic updates without the user's confirmation are the most effective and successful way to ensure a high distribution rate for new releases, which results in fewer vulnerable browsers.


» SPAMfighter News - 02-07-2009

 
