Original URL: http://www.theregister.co.uk/2009/10/02/google_chrome_security_update/
Google Chrome update fills in parsing bug
Browser engine gets security tune-up
Posted in Operating Systems, 2nd October 2009 12:14 GMT
Watch Now : Virtual Machine Movement with Hyper-V
Google has published a update to its Chrome browser that addresses a newly discovered high risk security hole.
Chrome version 3.0.195.24 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome's engine is of a type that might lend itself to drive-by download attacks, as explained in Google's advisory here [1].
Although any malware would only run inside Chrome's sandbox, Google still defines the flaw as "high risk". Security notification firm Secunia goes further and describes [2] the flaw, discovered by Maksymilian Arciemowicz of SecurityReason (advisory here [3]), as "highly critical". ®