Chrome Releases: Stable Update: Security Fix

Chrome Releases

Release updates from the Chrome team

Stable Update: Security Fix

Tuesday, May 5, 2009

Google Chrome's Stable channel has been updated to version 1.0.154.64 to fix two security issues discovered by internal Google testing.
This release also contains

A new notification at startup that makes it easier to set Google Chrome as the default browser. If you don't want Google Chrome to be the default browser, you can click 'Don't ask again'.

A new version of Gears (0.5.16.0)

Security Fixes
CVE-2009-1441: Input validation error in the browser process.A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
More info: http://code.google.com/p/chromium/issues/detail?id=10869
Severity: Critical. An attacker might be able to run code with the privileges of the logged on user.
Mitigation: An attacker would need to be able to run arbitrary code in the renderer process.

CVE-2009-1442: Integer overflow in Skia 2D graphics.A failure to check the result of integer multiplication when computing image sizes could allow a specially-crafted image or canvas to cause a tab to crash and it might be possible for an attacker to execute arbitrary code inside the (sandboxed) renderer process.
More info: http://code.google.com/p/chromium/issues/detail?id=10736
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Mitigations:

A victim would need to visit a page under an attacker's control.

Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.

Mark LarsonGoogle Chrome Program Manager

Labels: Stable updates

Labels

Admin Console 43
Android WebView 19
Beta 21
Beta update 4
Beta updates 2018
chrome 15
Chrome Dev for Android 129
Chrome for Android 946
Chrome for iOS 374
Chrome for Meetings 5
Chrome OS 1149
Chrome OS Flex 22
Chrome OS Management 12
Chromecast Update 6
ChromeOS 209
ChromeOS Flex 206
Desktop Update 1108
dev update 266
Dev updates 1505
Early Stable Updates 49
Extended Stable updates 127
Flash Player update 5
Flex 1
Hangouts Meet hardware 5
LTS 87
stable 11
Stable updates 1237

Archive

2024
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2023
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2022
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2021
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2020
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2019
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2018
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2017
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2016
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2015
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2014
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2013
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2012
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2011
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2010
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2009
- Dec
- Nov
- Oct
- Sep
- Aug
- Jul
- Jun
- May
- Apr
- Mar
- Feb
- Jan

2008
- Dec
- Nov
- Oct
- Sep

Give us feedback in our
Product Forums.

Google
Privacy
Terms