Google Fixes a Critical Security Flaw in Chrome
Google said that it had recently patched a critical security vulnerability in its browser, Chrome. The new Chrome version 220.127.116.11 includes a patch for a vulnerability that could enable hackers to launch a buffer overflow attack.
If the attack succeeds, it allows hackers to crash the browser and install malicious code on a targeted machine with the rights of the logged-on user.
According to Google, hackers need to use a specially crafted response from a Hypertext Transfer Protocol (HTTP) server in order to exploit the vulnerability.
In addition, the new version of Chrome addresses two other security and stability issues, including browser crashes that users experienced when loading some secure HTTPS sites.
The SSL-tampering vulnerability is ranked high and could be used by an active network attacker to block a CONNECT request and reply to it. The attacker uses a non-200 response that contains malicious code. This code could then be executed in the context of the SSL-protected domain the victim requested.
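The handling difference behind this class of flaw, as an added example that is not Chrome's code or part of the original article: a client that renders a proxy's non-200 CONNECT reply under the requested origin, beside one that discards it. The function names, the host `bank.example` and both sample replies are constructed for illustration.

```python
# Added example; function names and sample replies are hypothetical/constructed.

def parse_status(reply: bytes):
    """Return the 3-digit status code of a proxy reply, or None if malformed."""
    status_line = reply.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/1."):
        return None
    code = parts[1]
    return int(code) if len(code) == 3 and code.isdigit() else None


def naive_handle(reply: bytes, target: str) -> dict:
    """Flawed behaviour: any reply body is rendered as if it came from target."""
    body = reply.split(b"\r\n\r\n", 1)[-1]
    return {"action": "render", "origin": target, "body": body}


def hardened_handle(reply: bytes, target: str) -> dict:
    """Only a 200 opens the tunnel; any other reply becomes a client-generated
    error with no origin and no proxy-supplied body."""
    status = parse_status(reply)
    if status == 200:
        return {"action": "start_tls", "origin": target, "body": None}
    return {"action": "show_error", "origin": None, "body": None,
            "status": status}


# Constructed sample replies to "CONNECT bank.example:443".
TUNNEL_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
INJECTED = (b"HTTP/1.1 502 Bad Gateway\r\nContent-Type: text/html\r\n\r\n"
            b"<script>/* placeholder for attacker-supplied script */</script>")

if __name__ == "__main__":
    for name, reply in (("ok", TUNNEL_OK), ("injected", INJECTED)):
        print(name, hardened_handle(reply, "bank.example:443"))
```

The hardened handler never returns the proxy's body, so content received before the TLS handshake cannot be attributed to the HTTPS origin.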
Google is said to be planning to give more information about the vulnerability once all Chrome users have patched their browsers. Chrome's internal security team is credited with discovering the flaw. Users who are already using Chrome can patch the vulnerability with the built-in updater by clicking on Tools, selecting About Google Chrome and then clicking on the Update button.
In general, browser security updates have become more common nowadays. This update marks the second time in two weeks that Google has informed people that it has updated its browser software.
Before this update, Google had released patches on June 9, 2009 for two flaws that involved the WebKit application framework used to power the open-source browser. If a user accessed a malicious website, hackers could execute code in the Chrome sandbox. There was one more flaw, in WebKit's handling of drag events, that could lead to the disclosure of sensitive data when content was dragged onto a malicious web page.
According to a joint study by ETH (the Swiss Federal Institute of Technology) and Google Switzerland, automatic updates without the user's confirmation are the most effective and successful way to ensure a high rate of distribution of new releases, which results in fewer vulnerable browsers.
» SPAMfighter News - 7/2/2009