Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 25th, 2009

High-risk Vulnerabilities In Google Chrome

Multiple serious security flaws in the Google Chrome browser could expose users to code execution attacks, according to an advisory released today.

The flaws, rated “high risk,” have been addressed in Google Chrome, which is released automatically to Chrome users.

Vulnerabilities include:

CVE-2009-2935 (High Severity): A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code. Technical details are being withheld until the fix is shipped to a majority of Chrome users. An attacker might be able to run arbitrary code within the Google Chrome sandbox

CVE-2009-2416 (High Severity) Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected. An attacker might be able to run arbitrary code within the Google Chrome sandbox.

With this update, Google Chrome will no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site, Google explained.

Credit: Security Blogs

Share this item with others:

More on CyberInsecure:
  • Computers With Internet Explorer And Google Chrome Installed Are At Risk
  • Trojan Poses As Google Chrome Browser Extension
  • Address Spoofing Flaw Allows Google’s Chrome Websites Impersonation
  • Microsoft Discovers Flaw In Google Plug-in For Internet Explorer
  • Google Chrome Browser Bug Could Leak Identity of Anonymously Surfing Users

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: High-risk Vulnerabilities In Google Chrome

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.