Google issues, then reissues Chrome security fix

Google fixed security holes with a new release of its stable version of Chrome--then released a replacement shortly afterward to prevent a batch of crashes that turned up as well.

Chrome 1.0.154.64 (download) emerged Tuesday and was intended to fix one critical security problem and one high-severity one. On Thursday, came 1.0.154.65 to fix a crash during startup that affected "a small percentage of users," said Chrome Program Manager Mark Larson.

With the first problem, an attacker under some circumstances could run attack software with the same privilege as the computer user.

With the second, an issue handling 2D graphics could potentially allow a specially crafted image to crash a tab and run an attacker's code within Chrome's sandbox security isolation system.

[derilium]

If it runs within the sandboxed security, how is it a threat?

[Shankland]

You don't want arbitrary malicious code running anywhere. Better in a sandbox than out of it, but better not at all. I'm not sure it applies to browser sandboxes, but with operating system attacks, an attempt can combine two subattacks--one to run arbitrary code in a limited fashion and another to escalate privileges.

Hahaha.. I bet if this was IE7/8 all the apple-fanboys and *nix thugs would be talking smack in here like crazy...

[sd_response]

hahah..couldn't agree more. I guess they have double standards after all...I have both IE 8 and latest FireFox in my system. But I mostly use IE on my machine. Never installed Chrome never will...

[Kasee]

I discontinued Google Chrome - just because of missing features like - Google Bookmarks synchronization, addon support to Xmarks, many of my SAP portals dont work properly in Google chrome; Google chrome is not synching google search to my webhistory? I get everything from Firefox and latest beta performance is too good compared to previous ones;

[profdavidson]

Kasee apparently is still learning basic English but still has enough time to worry about her internet browser

[kill pcs]

All new programs take some time to get right. Chrome may seem a bit basic but that is what some people want.Give it as long as firefox &ie then see if it is as bad as you think.

[i_made_this]

There's some irony in Google's having taken Chrome out of Beta, only to release three immediate highly critical security patches in RTM. We tried Chrome and liked it very much. We didn't like its installation of all sorts of other Google background programs including a pair of all-encompassing *Google Miscellaneous* type programs which forced themselves to run as start-up and when disabled, they reproduced themselves lol. Google, dudes, we're aware you guys are seriously brilliant hackers and that you adore Windows for this reason, but c'mon... . PS Ya, all of what I've said is buried in the most massive EULA any browser has ever required that you sign.

[Bozz5384]

Google Chrome is still the best browser I have found, period. It runs circles around IE and FireFox, and uses about 1/2 the resources of IE, and about 1/3 of FireFox loading and displaying the same websites... its not perfect, but its soooo much better than anything else out there.

[fdunn3]

Also the best means of someone injecting code into your system.....REAL FAST though!