High-risk flaw dings Google Chrome - Gladiator Security Forum

Welcome Guest ( Log In | Register )

Gladiator Security Forum > General Security > Security News and Alerts

You are viewing GSF's Security News & Alerts Forum

Thank you for viewing our Security News & Alerts forum. You'll find here important and general security news reported from magazines, websites and other boards.
Notes::
- Old entries/news are deleted in this forum and its sub-forum
- Please do NOT post your PC problems here. Use instead: HELP! Think you are Infected? for HijackThis analysis. For PC Related Topics, Operating Systems or general security questions, kindly go to Security Newbies Forum.

High-risk flaw dings Google Chrome

Options

TheSentinel View Member Profile	Nov 6 2009, 08:37 PM Post #1
The man in the dark Group: General Admin Posts: 15471 Joined: 10-August 02 From: Somewhere in Germany Member No.: 9	QUOTE November 6th, 2009 High-risk flaw dings Google Chrome Posted by Ryan Naraine @ 9:18 am Google has pushed out a Chrome browser update to fix a pair of security vulnerabilities that expose uses to malicious hacker attacks. One of the flaws carry a “high-risk” rating because of the threat of arbitrary code execution. [ SEE: Study: Silent patching best for securing browsers ] Vulnerability #1: The user was not warned about certain possibly dangerous file types such as SVG, MHT and XML files. In some browsers, JavaScript can execute within these types of files. Because the JavaScript runs in the local context, it may be able to access local resources. Details are being withheld until the fix is pushed out to a majority of users. Vulnerability #2: A malicious site could use the Gears SQL API to put SQL metadata into a bad state, which could cause a subsequent memory corruption. This may lead to a Gears plugin crash or possibly arbitrary code execution. Google says this issue will be made public once a majority of users are up to date with the fix. The patch is being silently distributed to all Google Chrome users. Detailed: http://blogs.zdnet.com/security/?p=4861 -------------------- Microsoft® MVP Consumer Security 2007 - 2009 Member of ASAP A.S.A.P-Alliance of Security Analysis Professionals

TheSentinel View Member Profile	Nov 6 2009, 08:45 PM Post #2
The man in the dark Group: General Admin Posts: 15471 Joined: 10-August 02 From: Somewhere in Germany Member No.: 9	Read please also: http://googlechromereleases.blogspot.com/2...nel-update.html Using Blended Browser Threats involving Chrome to steal files on your computer http://securethoughts.com/2009/11/using-bl...-your-computer/ Google closes vulnerabilities in Chrome http://www.h-online.com/security/news/item...e-3-852224.html -------------------- Microsoft® MVP Consumer Security 2007 - 2009 Member of ASAP A.S.A.P-Alliance of Security Analysis Professionals

« Next Oldest · Security News and Alerts · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st November 2009 - 12:17 AM

Licensed to: Gladiator-Antivirus-Forums

Design by: Skins IPB & Web Browsers