The Google Chrome development team has released a security update for the stable release version of Google Chrome 2. The release of the Google browser fixes two security vulnerabilities that are rated high and provides one security fix that is rated medium. The first vulnerability in the JavaScript engine of the web browser allows attackers to run arbitrary code within the Google Chrome sandbox. A victim running an unpatched version of the web browser needs to visit a specifically prepared website to trigger the attack.
A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.
The second security vulnerability can also allow an attacker to run arbitrary code in the Google sandboxed environment. A malicious XML payload may be able to trigger the condition.
Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.
The security fix finally treat SSL sites who use MD2 or MD4 hashes to sign certificates as invalid as the algorithms are considered weak and can allow attackers to spoof the https site.
Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.
Users can check for updates from within the web browser or download the latest version from the Google Chrome website.
Read Related Posts
-
Google Chrome Security Vulnerability
-
Google Chrome Address Spoofing Vulnerability
-
More Google Chrome Vulnerabilities emerge
-
Google Chrome And Firefox Extensions Differences
-
Use Google Chrome For Secure Web Browsing
-
Latest Google Chrome 4 Dev Release Fixes Lots Of Bugs
-
Google Chrome 4
-
Google Chrome 3 Updated
