Tech
Google plugs 'high risk' Chrome browser holes
Security flaws in Google Chrome can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.
Some of these security holes can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system, according to this Secunia advisory.Secunia rates this a "highly critical" update.
According to this basic documentation, there are a total of 11 vulnerabilities in this patch batch. Google is withholding details on most of the serious vulnerabilities until the majority of Chrome users are fully patches.
Some of the flaws affect Linux users only.
Here's what we know:
- [48225] [51727] (Medium-risk) Possible autofill / autocomplete profile spamming.
- [48857] (High-risk) Crash with forms.
- [50428] (Critical) Browser crash with form autofill. Credit to the Chromium development community.
- [51680] (High-risk) Possible URL spoofing on page unload.
- [53002] (Low-risk) Pop-up block bypass.
- [53985] (Medium-risk) Crash on shutdown with Web Sockets. [Linux only] [54132] (Low-risk) Bad construction of PATH variable.
- [54500] (High-risk) Possible memory corruption with animated GIF. Credit to Simon Schaak.
- [Linux only] [54794] (High-risk) Failure to sandbox worker processes on Linux.
- [56451] (High-risk) Stale elements in an element map.
Google paid $1,000 in bounties to researchers who reported two of the 11 vulnerabilities.