/>
X
Business

Google patches 'critical' Chrome code execution flaws

The first security patch for Google's new Chrome browser is out, fixing at least two "critical" vulnerabilities that put Windows users at risk of code execution attacks.[ SEE: Google Chrome vulnerable to carpet-bombing flaw ]The patch, which is rolled out automatically via Chrome's auto-update feature, also addresses two additional security vulnerabilities -- the carpet-bombing issue and a denial-of-service flaw that could lead to browser crashes and data loss.
Written by Ryan Naraine, Contributor on
Google patches 'critical' Chrome code execution flaws
The first security patch for Google's new Chrome browser is out, fixing at least two "critical" vulnerabilities that put Windows users at risk of code execution attacks. [ SEE: Google Chrome vulnerable to carpet-bombing flaw ]

The patch, which is rolled out automatically via Chrome's auto-update feature, also addresses two additional security vulnerabilities -- the carpet-bombing issue and a denial-of-service flaw that could lead to browser crashes and data loss.

From the release notes:

  • Fixes a buffer overflow vulnerability in handling long filenames that display in the "Save As" dialog. This is a critical risk that could lead to execution of arbitrary code.  See here for fix details.
  • Fixes a buffer overflow vulnerability in handling link targets displayed in the status area when the user hovers over a link.  This is a critical risk that could lead to execution of arbitrary code.  The issue was reported privately to Google.  Fix details here.
  • Fixes an out of bounds memory read when parsing URLs ending with :%.  This is a low risk that can be used to crash the entire browser, possibly causing loss of data in the current session.  Fix information here.
  • The update also changes the default Downloads directory if it is set to Desktop to ensure that Desktop cannot be the default. This mitigates the risk of malicious cluttering of the desktop (aka carpet bombing) with unwanted downloads, which can lead to executing unwanted files.

[ SEE: Google Chrome vulnerabilities starting to pile up ]

Curiously,  user agent for the fully patched version of Chrome (version 0.2.149.29) is still showing WebKit 525.13 (Safari 3.1) , meaning that Aviv Raff's two-click PC takeover vulnerability is still unpatched.

Google patches ‘critical’ Chrome code execution flaws

I just tested Raff's proof-of-concept that combines two flaws -- one in Safari and one in Java -- and was still able to execute code without warning.   Strange.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Apple names the 16 best apps and games of 2022, with BeReal taking top honors
App Store icon

Apple names the 16 best apps and games of 2022, with BeReal taking top honors

The 38 best Cyber Monday deals at Costco still available
LG 65" Class - QNED80 Series

The 38 best Cyber Monday deals at Costco still available