Google plugs 'high risk' WebKit holes in Chrome

Summary: Google has shipped a Chrome browser update to fix two serious security issues in WebKit. According to Google Chrome program manager Mark Larson, the most serious of the two flaws could allow hackers to execute harmful code in the browser's sandbox.

Google has shipped a Chrome browser update to fix two serious security issues in WebKit.

According to Google Chrome program manager Mark Larson, the most serious of the two flaws could allow hackers to execute harmful code in the browser's sandbox. It is rated "high severity."

From Google's advisory:

A memory corruption issue exists in WebKit's handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to a tab crash or arbitrary code execution in the Google Chrome sandbox. This update addresses the issue through improved memory management.

For an attack to be successful, the victim would have to visit a Web page under the attacker's control. Larson said that any code that an attacker might be able to run inside the renderer process would be confined to the sandbox.

The update also fixes:

An issue exists in WebKit's handling of drag events. This may lead to the disclosure of sensitive information when content is dragged over a maliciously crafted web page. This update addresses the issue through improved handling of drag events.

Google rates this a "medium" severity bug and warns that an attacker might be able to read data belonging to another web site, if a user can be convinced to select and drag data on an attacker-controlled site.

The patch is being pushed out to Google Chrome via the browser's silent/automatic update mechanism.

Topics: Browser, Google, Security

Talkback

5 comments
  • Silent updating a risk in itself?

    Since Chrome's silent updating mechanism doesn't
    require any user intervention or even awareness,
    this vector would seem like pure gold to a
    malicious coder. Everything else in the universe
    has been cracked, why should I believe that this
    mechanism is invulnerable. Even Superman feared
    Kryptonite. Nothing has happened yet, but "never
    say never", right?
    jjourard
    • Right

      I will worship you to the fullest extent of the law. Who said that Chrome is invulnerable? Nothing is safe, but Google's team does take action. Then again, I only use Firefox for everything and IE for Online Virus Scans (most of the time I hardly get into virus afflicting sites, so IE is idle for weeks/months).
      megamanx
    • Browser reaches out

      It is the browser that reaches out to Google servers and polls for updates. To intercept that traffic an attacker needs control of your network and/or DNS servers.

      Even so, Chrome presumably communicates over https and/or uses code signing to verify the validity of the update.

      Such a system is very hard to break. In all the years of WindowsUpdate there has not been a single example of it being compromised.

      honeymonster
  • Microsoft Problem

    This is an issue with Windows 95 and IE2 and Microsoft needs to be held accountable.
    dougbeer
  • RE: Google plugs 'high risk' WebKit holes in Chrome

    Great!!! Thanks for sharing this information with us!
    birumut