Edit 13 May 2009: Disclosing that this release contains the fix for CVE-2009-0945, an issue in WebKit code that also affects Apple's Safari web browser. We did not want to disclose this until Apple's fix for Safari users was released.
Google Chrome's Stable channel has been updated to version 1.0.154.65 to fix a crash during startup for a small percentage of users.
CVE-2009-0945 Denial of service in SVG
A memory corruption issue exists in WebKit's handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. The arbitrary code would be limited by the Google Chrome sandbox.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Mitigations:
- A victim would need to visit a page under an attacker's control.
- Any code that an attacker might be able to run inside the renderer process would be confined to the sandbox (see the Chromium sandbox documentation for more details).