Chrome update plugs hush-hush browser hole

As Secunia releases browser patching tool


Google has pushed out a new version of its browser that protects against a critical vulnerability as well as fixing some stability snags.

Version 2.0.172.33 of Chrome patches a severe flaw involving how the browser handles particular responses from HTTP servers. The security bug creates a buffer overflow risk, which opens a potential means for hackers to inject hostile code onto vulnerable systems. Google is holding off on details in order to give punters a chance to download the update.

A pair of other stability and security issues are also tackled by the latest version of the browser, including potential browser crash problems when loading some secure (HTTPS) sites, as explained in Google's release notes here.

The update marks the second time in two weeks that Google has updated its browser software. The previous revised version, released on 9 June, addressed two flaws involving the WebKit application framework that powers the open-source browser.

Browser security updates - in general - are becoming more frequent. Partially in response to this issue, security notification firm Secunia released a new version of its Personal Software Inspector tool on Wednesday. Version 1.5 of PSI, which is free of charge to consumers, adds the ability to scan for browser or browser plug-in security holes, as explained by Secunia here. ®
