Chrome update completes busy browser patch week
Time for an industry patch day?
Google has pushed out an update designed to fix a pair of vulnerabilities involving the WebKit application framework that underpins its Chrome browser.
The more severe of the two is a "high risk" memory corruption flaw in WebKit, which creates a potential means for hackers to inject hostile code into the sandbox used by the browser. The second is a less severe information disclosure risk involving the Drag and Drop functionality built into WebKit.
Google's advisory can be found here.
The update completes a busy week on the browser security front with a significant cumulative update for Internet Explorer on Tuesday and a Firefox update on Thursday. In addition, Apple released a beta version of its Safari 4 browser earlier this week.
Outside the browser security arena, Adobe released the first of its scheduled patch updates on Tuesday, and FreeBSD dropped an update designed to defend against a stack-based buffer-overflow that poses a potential code injection risk.
It's becoming more difficult for hard-pressed sys admins to keep track of updates, especially when many arrive without any indication a fix is in development.
Some security patching experts, such as Andrew Storms, director of security operations at nCircle, advocate the creation of a general industry patching day to make the patching process easier to plan and manage, security blogger Ryan Naraine reports. ®
COMMENTS
Re: Ain't WebKit Apple?
WebKit is an Apple fork of KDE's HTML and JavaScript engines, but is open source and Apple code has gone back into Konqueror. In making Chrome, WebKit was Google's choice of engine.
The relationship between Apple and the KDE developers hasn't been plain sailing (if you are interested, Wikipedia summarises some of the difficulties).
Quick Fix...Less Problems
I'd rather a fix come out quicker than once a month. The amount of times I've seen systems being infected (and they still do) because MS take ages to do a patch.
But take any OS software. And it's patched within the day.
Global Patch Day
Can you imagine that, every computer on the planet downloading 300mb of patches at the same time, that would stress test the Internet...
