Google fixes risky Chrome bugs
Google has updated its Chrome browser to fix a critical bug that could allow an attacker to execute malicious code on a user's system.
The update also fixes a bug that could allow the execution of malicious JavaScript code.
Chrome 3.0.195.32, released on Thursday, fixes a bug in the browser's implementation of the Gears SQL application programming interface (API) that could allow a malicious website to crash the Gears plug-in and possibly execute malicious code on a user's system, Google said in an advisory.
Gears is a Google-directed open-source project that enables offline support and other features for web applications.
The bug could allow a malicious site to use the Gears SQL API to maliciously craft SQL metadata, which could cause a memory corruption, Google said. This could cause the Gears plug-in to crash or possibly allow the execution of malicious code.
Google released further details to developers, but said it will only make the bug fully public once most Chrome users have installed the fix. The company ranked this bug 'high risk'.
The second, 'medium-risk' flaw is that the browser does not warn users when they download certain file types, including SVG, MHT and XML files, which nevertheless have the potential to execute JavaScript code on a user's system.
For instance, Chrome could automatically download an MHT (Mime HTML) file, which, if executed by the user, would run by default in Internet Explorer. Such a file could include malicious JavaScript code that could, for example, be used to disclose sensitive files on a user's system, according to Google. However, such an attack would depend on a user's executing the downloaded file.
The update fixes the problem by adding the file types in question to Chrome's blacklist of potentially dangerous file types, so the user is warned before such files are downloaded.
The security website SecureThoughts.com has published more details on the workings of this bug.
Google is currently at work on version 4 of Chrome, and it released a beta-test version of Chrome 4.0.223.16 last week, including features such as bookmark synchronisation. The company said it is working on a beta-test version of Chrome for the Mac.