Feeds

Google publishes Chrome patch details

Carpet-bombing fix looks threadbare

Boost IT visibility and business value

Google has belatedly released details of a security update to its newly released Chrome browser, days after it actually pushed out the patch.

The update was published on Friday and users of Chrome were automatically updated, but details of the vulnerabilities fixed and performance tweaks only emerged on Monday, via a mailing list posting and a new Google Chrome blog.

Mark Larson, a Google Chrome program manager, writes that Google Chrome Beta version 0.2.149.29 addresses two critical vulnerabilities, a small number of lesser flaws and a variety of performance tweaks.

The first of the two critical bug fixes addresses a buffer overflow bug in handling long filenames, while the second deals with a vulnerability in handling link targets. Both the flaws create a means for hackers to inject hostile code into vulnerable systems, hence their critical rating. The release also fixes a lesser browser crashing bug involved in parsing URLs ending with ":%".

Google has also responded to its exposure to the infamous Safari carpet-bombing flaw by ensuring that desktop is not the default directory for downloads. "This mitigates the risk of malicious cluttering of the desktop with unwanted downloads, which can lead to executing unwanted files," it explains.

Hmm. This is, at best, only a partial workaround, and Google would do far better to address the underlying flaw.

The update also includes a number of performance and stability tweaks including a JavaScript problem involving Facebook, flaws in search suggestions on various sites, and a performance issue involving the Safe Browsing mode.

More details on the update can be found in a posting on the Google Chrome blog here. ®

Boost IT visibility and business value

More from The Register

next story
USA to insist on pre-flight mobe power probe
Prove it works or it can't come aboard flights to USA
Brit celebs' homes VANISH from Google's Street View
Tony Blair's digs now a Tone-y Blur
Computing student jailed after failing to hand over crypto keys
Sledgehammer once again used to crack a nut
Doctor Who season eight scripts leak online
BBC asks fans to EXTERMINATE copies before they materialise
Snowden leaks latest: NSA, FBI g-men spied on Muslim-American chiefs
US Navy veteran? Lawmaker? Academic? You're all POTENTIAL TERRORISTS
Russian MP fears US Secret Service cuffed his son for Snowden swap
Seleznev Jnr is 'prolific trafficker in stolen credit card data', it is alleged
Insecure AVG search tool shoved down users' throats, says US CERT
Sneaky 'foistware' downloads install things you never asked for
That 'wiped' Android phone you bought is stuffed with NAKED SELFIES – possibly
Infosec bods sound alarm after copping eyefuls of nudie pics
prev story

Whitepapers

How modern custom applications can spur business growth.
In this whitepaper learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
The Power of One eBook: Top reasons to choose HP BladeSystem
Only the Power of One delivers leading infrastructure convergence, availability and scalability with federation, and agility through data center automation.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximizing your infrastructure through virtualization
Virtualization continues to be one of the most effective ways to consolidate, reduce cost, and make data centers more efficient.
Build a Business Case: Developing Custom Apps
In this whitepaper learn how to maximize the value of custom applications by accelerating and simplifying their development.