Stable Update: Security fixes
Google Chrome 2.0.172.43 has been released to the Stable channel to fix the security issues listed below.
A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code.
More info: http://code.google.com/p/chromium/issues/detail?id=18639 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: This issue was found by Mozilla Security.
Mitigations:
- A victim would need to visit a page under an attacker's control.
- Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.
Google Chrome no longer connects to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.
More info: http://code.google.com/p/chromium/issues/detail?id=18725 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: Medium. Further advances in attacks against weak hashing algorithms may eventually permit attacks to forge certificates.
Credit: Dan Kaminsky, Director of Penetration Testing, IOActive Inc., Meredith Patterson and Len Sassaman. See their paper at http://www.ioactive.com/pdfs/PKILayerCake.pdf
CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2
Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected.
More info: See the CVE entries noted in this report.
Severity: High. An attacker might be able to run arbitrary code within the Google Chrome sandbox.
Credit: Original discovery by Rauli Kaksonen and Jukka Taimisto from the CROSS project at Codenomicon Ltd. The Google Chrome security team determined that Chrome was affected.
Mitigations:
- A victim would need to visit a page under an attacker's control.
- Any code that an attacker might be able to run inside the renderer process would be inside the sandbox. Click here for more details about sandboxing.
Jonathan Conradt
Engineering Program Manager
Labels: Stable updates
11 Comments:
When is going to be stable chrome v3
thanx for this nice blog and please let me take a copy to my site
البورصة المصرية
منتديات البورصة المصرية
منتدى البورصة السعودية | سوق الأسهم السعودى
تجارة عملات | فوركس | تجارة العملات | تداول عملات | Forex
What about the Dev release? I am using v 4.0.202.0
I thought chrome will never have such serious flaws, given the detailed comic style documentation / introduction for chrome about sandboxes and this and that.
@vijju: thanks for bringing up sandboxing. These bugs are not rated "Critical" precisely because of the existence of the sandbox.
Chris Evans, Chrome Security Team
I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Susan
http://3128proxy.com
Come on... please remove that SPAM comments.
And thanks for the updates!
Why is Issue 18639 Forbidden?!
Because that issues contains a description of the bug, which might be useful to prepare an exploit. Not everybody updates/uses Chrome every day, which means that there are still some people using the old, vulnerable version. Hiding the description of the bug is a way to protect those people. Once the majority of Chrome users have updated, the danger of somebdy exploiting the bug becomes irrelevant, and the issue can be made public.
It's true that this bug lets an attacker run code inside the sandbox, which means it's substantially harmless... Still, it's better to avoid it. After all, the only drawback is that if you want to satisfy your curiosity you'll have to wait for a couple of days, which is nothing terrible.
You share valuable information and excellent design you got here! I would like to thank you for sharing your thoughts and time into the stuff you post!! Thumbs up. Please come visit my site Philadelphia Yellow Page Business Directory when you got time.
I was thinking of looking up some of them newspaper websites, but am glad I came here instead. Although glad is not quite the right word… let me just say I needed this after the incessant chatter in the media, and am grateful to you for articulating something many of us are feeling - even from distant shores. Please come visit my site San Antonio Yellow Page Business Directory when you got time.
Post a Comment
Subscribe to Post Comments [Atom]
<< Home