September 8, 2008 4:31 PM PDT

Google reveals Chrome security patch details

by Stephen Shankland

Earlier today, Google was keeping mum about a three-day-old security fix to its Chrome browser, but now the company has revealed details of two critical-risk vulnerabilities and some lesser issues it says are fixed.

The critical patches relate to buffer overrun vulnerabilities that could have let a remote attacker execute arbitrary software on a Chrome user's computer, said Mark Larson, a Google Chrome program manager, in a mailing list posting Monday afternoon. The first patch fixed a vulnerability in handling long file names, called the SaveAs vulnerability, and the second a vulnerability in dealing with the Web site addresses displayed in Chrome's status area when the user hovers over a link.

An update to Google Chrome means the browser can head off a particular technique that previously could crash the browser.

(Credit: Stephen Shankland/CNET News)

Larson also established a Google Chrome Releases blog for announcements and release notes relating to Chrome. The company had said earlier it was working on a way to release that information, in part after people requested such notes well after Google started automatically updating Chrome browsers without saying what exactly was in the update.

Google fixed two lesser security issues, too. The first was an issue in which typing "about:%" in the address bar could crash the computer. The problem also meant that a Web page with that text as a hyperlink could crash the browser if a user hovered the mouse pointer over the link. The second fix stops the user's desktop from being the default download directory, to mitigate "the risk of malicious cluttering of the desktop with unwanted downloads, which can lead to executing unwanted files," Larson said.

Other fixes addressed non-security issues: a JavaScript problem with Facebook; a problem suggesting search terms while using various Web sites; and some data-transfer issues with the Safe Browsing mode.

Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and since then also has covered Google, Yahoo, servers, supercomputing, Linux and open-source software, and science. E-mail Stephen, or follow him on Twitter at http://www.twitter.com/stshank.
by Lerianis September 8, 2008 6:38 PM PDT
The latest updates are all well and good, but Google needs to do some more checking that sites won't be broken by the updates. Their latest updates broke the Topix site, because you cannot now click on some links on that site that were supposed to go to other pages.
And yes, I did inform Google about this.
by AppleSuxLeo September 8, 2008 11:13 PM PDT
Chrome is all rusty already. No faster than IE8 on my puter, and as a tech writer for CNN has discovered, Chrome and FF3 both hammer the CPU even after the page has loaded!, and IE8 hardly uses any CPU cycles and is within a second of Chrome in speed on real-world net use.
Chrome is dumbed-down and looks like Fisher-Price designed it.
Chrome...nothing but hype....and a security nightmare!
by pretenderkc September 8, 2008 11:53 PM PDT
LONG LIVE microsoft!!! :-)
nuff said....
by Dalkorian September 9, 2008 8:50 AM PDT
Both of you don't forget to tell the Bill that you've done his bidding and are waiting for your kickback checks. IE is the plague of the internet and should be made illegal. Period. Proprietary "standards" in a browser that's intimately tied into the OS - yeah, that sounds intelligent.
by rosoft2001 September 9, 2008 6:03 AM PDT
While using Chrome I found that a lot of sites don't work, due to missing plugins for the new platform. Sometimes just quitting the site is not an option so I created an easy way to open the page in your "old" browser. Just drag and drop the URL from the Chrome URL bar into the Mirror form and you can continue your Chrome browsing.


Download: http://www.zonator.com/mirror.zip
by AppleSuxLeo September 9, 2008 6:27 AM PDT
"Patch"??? This thing just coded and needs to be rushed into surgery!
by Dalkorian September 9, 2008 8:44 AM PDT
LOL - that's a good one, thanks. I'm sure you're used to releasing flawless code on day one (I'm sure you've written any code!), but most humans make mistakes.
by Rythan September 9, 2008 7:52 AM PDT
And there shall be many more patches ... it is a beta after all, not release code. Besides just how many patches have been released for the other browsers out there for security flaws??
by Camobarge September 10, 2008 11:03 AM PDT
Hmmm I thought I would give it a try and see what a "new" type of browser would have to offer.
Well it's not working at all, not sure what is up with it.....
Looks like IE for me until the bugs are worked out.