Google rushes out Chrome patch for Pwnium zero-day flaws
Less than 24 hours after Sergey Glazunov hacked into a fully patched Windows 7 machine with a pair of Chrome zero-day flaws, Google rushed out a patch for Windows, Mac OS X, Linux and Chrome Frame users.
Technical details of the vulnerabilities are being kept under wraps until the patch is pushed out via the browser's silent/automatic update mechanism.
According to Google's advisory, the flaws related to universal cross-site scripting (UXSS) and bad history navigation.
- [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.
Glazunov's exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.
The Google browser was also popped by a hacking team from VUPEN and there's speculation that a vulnerability in the Flash Player plugin was exploited in that attack. VUPEN co-founder Chaouki Bekrar told me that the flaw existed in the default installation of Chrome but he declined to say if the faulty code was created by Google or a third-party vendor.
The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser and has always been a tempting target for attackers.
Google is working on putting Flash within the more robust plugin and I'd told this will happen before the end of this year.
ALSO SEE: