Google Fixes Twin Chrome Bugs
Further, the other vulnerability impacts XML. Web-pages that employ XML could lead to the crash down of a tab process in Google's Chrome. A specially crafted XML could kick start a use-after-free circumstance. However, other tabs remain uninfluenced, stated Jonathan Conradt, Engineering Program Manager at Google, as reported by ComputerWeekly on August 26, 2009.
Chris Evans, Information Security Engineer at Google, states that none of the two vulnerabilities has been given a "critical" rating as Google Chrome employs a sandbox that stops direct execution of arbitrary software on an end-user's computer.
Moreover, Google has also revised Chrome's method of dealing with SSL certificates. Henceforth, the browser wouldn't link up with HTTPS websites having certificates, which are issued with the help of MD4 and MD2 hashing algorithms. Google also said - the algorithms that could be compromised with collision attacks are potentially feeble since with them an attacker could create a fake website pretending to be a legitimate HTTPS site.
The security researchers stated that the team of security professionals at Mozilla were probably examining other open-source web-browsers and their own Firefox releases to find out if they had the same flaws. However, a more feasible anecdote was that Mozilla or Google tested a Firefox flaw derivative that Mozilla's team had discovered, on Chrome and found the identical outcomes of detrimental nature.
Meanwhile, to stay protected, users running Chrome were suggested to update the browser with its latest version.
Related article: Google Rectifies Gmail flaw in Three Days
» SPAMfighter News - 10-09-2009