Google plugs 'high risk' Chrome browser holes

Security flaws in Google Chrome can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.

Google has shipped another Chrome browser update to fix multiple security security vulnerabilities.

Some of these security holes can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system, according to this Secunia advisory.Secunia rates this a "highly critical" update.

According to this basic documentation, there are a total of 11 vulnerabilities in this patch batch. Google is withholding details on most of the serious vulnerabilities until the majority of Chrome users are fully patches.

Some of the flaws affect Linux users only.

follow Ryan Naraine on twitter

Here's what we know:

  • [48225] [51727] (Medium-risk) Possible autofill / autocomplete profile spamming.
  • [48857] (High-risk) Crash with forms.
  • [50428] (Critical) Browser crash with form autofill. Credit to the Chromium development community.
  • [51680] (High-risk) Possible URL spoofing on page unload.
  • [53002] (Low-risk) Pop-up block bypass.
  • [53985] (Medium-risk) Crash on shutdown with Web Sockets. [Linux only] [54132] (Low-risk) Bad construction of PATH variable.
  • [54500] (High-risk) Possible memory corruption with animated GIF. Credit to Simon Schaak.
  • [Linux only] [54794] (High-risk) Failure to sandbox worker processes on Linux.
  • [56451] (High-risk) Stale elements in an element map.

Google paid $1,000 in bounties to researchers who reported two of the 11 vulnerabilities.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All