Google Chrome update fills in parsing bug

Browser engine gets security tune-up

Fri 2 Oct 2009 // 12:14 UTC

Google has published a update to its Chrome browser that addresses a newly discovered high risk security hole.

Chrome version 3.0.195.24 sorts an error in processing long floating point numbers that creates a means for hackers to execute malware within the Google Chrome sandbox. The flaw in the dtoa() component of Chrome's engine is of a type that might lend itself to drive-by download attacks, as explained in Google's advisory here.

Although any malware would only run inside Chrome's sandbox, Google still defines the flaw as "high risk". Security notification firm Secunia goes further and describes the flaw, discovered by Maksymilian Arciemowicz of SecurityReason (advisory here), as "highly critical". ®

More about

COMMENTS

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Channel

Google Chrome update fills in parsing bug

Browser engine gets security tune-up

More about

TIP US OFF

Other stories you might like

Spotify claims Apple wants 'tax' for in-app pricing tweak

DARPA's latest toy is a 20-foot, 12-ton tank that drives itself

City council audit trail is an audit fail after disastrous Oracle ERP rollout

Reducing the cloud security overhead

SK hynix breaks Q1 revenue records on back of AI boom

Russia, Iran pose most aggressive threat to 2024 elections, say infoseccers

Meta's value plummets as Zuckerberg admits AI needs more time and money

Atos hopes for lifeline as refinancing saga set to drag on into May

Japan's Moon lander makes it through another lunar night

Turns out teaching criminals to write web code keeps them out of prison

Throwflame launches fire-spitting robo-dog from Hell

Microsoft and Amazon's AI ambitions spark regulatory rumble

About Us

Our Websites

Your Privacy