Google patches nine flaws in Chrome

Started by Simon, Aug 20, 2010, 10:45:51

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Simon

Google has rolled out a security update to fix nine flaws in its Chrome browser.

Chrome patched two critical vulnerabilities, six high risk weaknesses and one rated medium.

The two critical bugs caused a crash on shutdown and memory corruption, while the high risk bugs included one that allowed the address bar to be spoofed. The full details weren't released in order to give the update time to reach users first, Google said.

Security researcher Sergey Glazunov once again picked up some cash from Chrome, reporting four bugs. He was paid out $1337 each for two bugs and awarded $1000 each for the other two, which caused memory corruption in the browser.

Google recently increased its bug bounty from a maximum $1,337 to over $3,000.

Read more: http://www.pcpro.co.uk/news/security/360487/google-patches-nine-flaws-in-chrome
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Oh good, they're getting to be like the rest. ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Is that nine flaws in how to spy on you  :eyebrow:
Damned, if you do damned if you don't

pctech

Best defence, uninstall.

Like Apple's Safari, Chrome doesn't work with a lot of sites.


Glenn

They are quicker at patching then Linux http://www.theregister.co.uk/2010/08/19/linux_vulnerability_fix/

QuoteThe Linux kernel has finally been purged of a privilege-escalation vulnerability that for at least half a decade allowed untrusted local users to gain unfettered rights to the operating system's most secure locations.

Maintainers of the central Linux component issued a patch last week that killed the bug, which allowed unprivileged users to gain root access. While Linux overlords stopped short of declaring it a security vulnerability, they stressed that the patch should be installed as soon as possible.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

psp83

Quote from: pctech on Aug 20, 2010, 11:14:58
Best defence, uninstall.

Like Apple's Safari, Chrome doesn't work with a lot of sites.


I disagree. Its the sites not working with the browser.

All my sites are built to be W3C compliant and I never have any trouble with safari, chrome, firefox, ie8/7.. its just the non compliant IE6 that always have visual bugs.

Steve

I was surprised by the Safari comment, a from personal experience and also as it's more compliant to the standard than some of the others
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: pctech on Aug 20, 2010, 11:14:58
Best defence, uninstall.

Like Apple's Safari, Chrome doesn't work with a lot of sites.


I have no issue with safari either, I tend not to use it, but since it now has extensions I use it more, its a fast compliant browser, gets 100% on the acid test 3 as well. As has been said its the sites not the browsers themselves.
Damned, if you do damned if you don't

psp83

Quote from: Steve on Aug 20, 2010, 14:13:18
I was surprised by the Safari comment, a from personal experience and also as it's more compliant to the standard than some of the others

Quote from: Gary on Aug 20, 2010, 14:49:11
I have no issue with safari either, I tend not to use it, but since it now has extensions I use it more, its a fast compliant browser, gets 100% on the acid test 3 as well. As has been said its the sites not the browsers themselves.

Web-Kit engine is good. I just wish all browsers would stick to one engine thou, would make my life alot easier.

Technical Ben

Quote from: Glenn on Aug 20, 2010, 11:18:22
They are quicker at patching then Linux http://www.theregister.co.uk/2010/08/19/linux_vulnerability_fix/


"local users". How are they going to patch the "looking over your shoulder and pressing buttons on the keyboard" vulnerability!   ;)
I use to have a signature, then it all changed to chip and pin.

Steve

By utilisation of a high fibre diet >:D
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.