Google patches nine flaws in Chrome

Simon · Aug 20, 2010, 10:45:51

Google has rolled out a security update to fix nine flaws in its Chrome browser.

Chrome patched two critical vulnerabilities, six high risk weaknesses and one rated medium.

The two critical bugs caused a crash on shutdown and memory corruption, while the high risk bugs included one that allowed the address bar to be spoofed. The full details weren't released in order to give the update time to reach users first, Google said.

Security researcher Sergey Glazunov once again picked up some cash from Chrome, reporting four bugs. He was paid out $1337 each for two bugs and awarded $1000 each for the other two, which caused memory corruption in the browser.

Google recently increased its bug bounty from a maximum $1,337 to over $3,000.

Read more: http://www.pcpro.co.uk/news/security/360487/google-patches-nine-flaws-in-chrome

Rik · Aug 20, 2010, 10:48:20

Oh good, they're getting to be like the rest.

Simon · Aug 20, 2010, 11:01:30

Gary · Aug 20, 2010, 11:09:56

Is that nine flaws in how to spy on you

pctech · Aug 20, 2010, 11:14:58

Best defence, uninstall.

Like Apple's Safari, Chrome doesn't work with a lot of sites.

Glenn · Aug 20, 2010, 11:18:22

They are quicker at patching then Linux http://www.theregister.co.uk/2010/08/19/linux_vulnerability_fix/

QuoteThe Linux kernel has finally been purged of a privilege-escalation vulnerability that for at least half a decade allowed untrusted local users to gain unfettered rights to the operating system's most secure locations.

Maintainers of the central Linux component issued a patch last week that killed the bug, which allowed unprivileged users to gain root access. While Linux overlords stopped short of declaring it a security vulnerability, they stressed that the patch should be installed as soon as possible.

psp83 · Aug 20, 2010, 14:08:06

Quote from: pctech on Aug 20, 2010, 11:14:58
Best defence, uninstall.

Like Apple's Safari, Chrome doesn't work with a lot of sites.

I disagree. Its the sites not working with the browser.

All my sites are built to be W3C compliant and I never have any trouble with safari, chrome, firefox, ie8/7.. its just the non compliant IE6 that always have visual bugs.

Steve · Aug 20, 2010, 14:13:18

I was surprised by the Safari comment, a from personal experience and also as it's more compliant to the standard than some of the others

Gary · Aug 20, 2010, 14:49:11

Quote from: pctech on Aug 20, 2010, 11:14:58
Best defence, uninstall.

Like Apple's Safari, Chrome doesn't work with a lot of sites.

I have no issue with safari either, I tend not to use it, but since it now has extensions I use it more, its a fast compliant browser, gets 100% on the acid test 3 as well. As has been said its the sites not the browsers themselves.

psp83 · Aug 20, 2010, 15:28:36

Quote from: Steve on Aug 20, 2010, 14:13:18
I was surprised by the Safari comment, a from personal experience and also as it's more compliant to the standard than some of the others

Quote from: Gary on Aug 20, 2010, 14:49:11
I have no issue with safari either, I tend not to use it, but since it now has extensions I use it more, its a fast compliant browser, gets 100% on the acid test 3 as well. As has been said its the sites not the browsers themselves.

Web-Kit engine is good. I just wish all browsers would stick to one engine thou, would make my life alot easier.

Technical Ben · Aug 21, 2010, 12:12:24

Quote from: Glenn on Aug 20, 2010, 11:18:22
They are quicker at patching then Linux http://www.theregister.co.uk/2010/08/19/linux_vulnerability_fix/

"local users". How are they going to patch the "looking over your shoulder and pressing buttons on the keyboard" vulnerability!

Steve · Aug 21, 2010, 12:14:12

By utilisation of a high fibre diet