Tech
Critical security hole in Google Chrome
For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities.One of the two flaws carry a "critical" rating because of the risk of code execution with the privileges of the logged on user.
One of the two flaws carry a "critical" rating because of the risk of code execution with the privileges of the logged on user.
[ SEE: Internet Explorer + Google Chrome = security problem ]
Here are the details from this advisory:
- CVE-2009-1441: Critical. A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
- CVE-2009-1442: High Risk. A failure to check the result of integer multiplication when computing image sizes could allow a specially-crafted image or canvas to cause a tab to crash and it might be possible for an attacker to execute arbitrary code inside the (sandboxed) renderer process.
Google Chrome is released as a silent update, meaning that the browser patches itself without the user's knowledge.