September 8th, 2008

Google patches 'critical' Chrome code execution flaws

Posted by Ryan Naraine @ 7:04 pm

Categories: Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Open source, Patch Watch, Responsible disclosure, Vulnerability research, Web Applications

Tags: Desktop, Google Inc., Risk, Patch Management, Web Browser, Flaw, Security, Strategy, Management, Ryan Naraine

The first security patch for Google’s new Chrome browser is out, fixing at least two “critical” vulnerabilities that put Windows users at risk of code execution attacks.

[ SEE: Google Chrome vulnerable to carpet-bombing flaw ]

The patch, which is rolled out automatically via Chrome’s auto-update feature, also addresses two additional security vulnerabilities — the carpet-bombing issue and a denial-of-service flaw that could lead to browser crashes and data loss.

From the release notes:

  • Fixes a buffer overflow vulnerability in handling long filenames that display in the “Save As” dialog. This is a critical risk that could lead to execution of arbitrary code.  See here for fix details.
  • Fixes a buffer overflow vulnerability in handling link targets displayed in the status area when the user hovers over a link.  This is a critical risk that could lead to execution of arbitrary code.  The issue was reported privately to Google.  Fix details here.
  • Fixes an out of bounds memory read when parsing URLs ending with :%.  This is a low risk that can be used to crash the entire browser, possibly causing loss of data in the current session.  Fix information here.
  • The update also changes the default Downloads directory if it is set to Desktop to ensure that Desktop cannot be the default. This mitigates the risk of malicious cluttering of the desktop (aka carpet bombing) with unwanted downloads, which can lead to executing unwanted files.
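The third item above is a truncated percent escape at the end of a URL. The following is an added, constructed illustration of that bug class and its fix, not Chromium's own parser (the page does not show Chrome's code, so the exact shape of the flaw is an assumption): the unsafe decoder assumes two characters always follow a `%`, so for input ending in `:%` it reads past the terminator; the hardened decoder checks the remaining length before touching the hex digits and rejects the incomplete escape.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example; not Chromium code. Maps a hex digit to its value, -1 if not hex. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* UNSAFE pattern: trusts that '%' is always followed by two bytes.
 * For an input ending in "%", s[i + 1] is the NUL terminator and
 * s[i + 2] is read from beyond the end of the string (out-of-bounds read). */
size_t percent_decode_unsafe(const char *s, char *out, size_t outlen) {
    size_t n = strlen(s), j = 0;
    for (size_t i = 0; i < n && j + 1 < outlen; i++) {
        if (s[i] == '%') {
            int hi = hexval(s[i + 1]), lo = hexval(s[i + 2]); /* may read past s */
            if (hi >= 0 && lo >= 0) { out[j++] = (char)((hi << 4) | lo); i += 2; continue; }
        }
        out[j++] = s[i];
    }
    out[j] = '\0';
    return j;
}

/* HARDENED: takes an explicit length, checks that two bytes remain before
 * reading the hex digits, and rejects an incomplete or non-hex escape.
 * Returns bytes written, or (size_t)-1 on malformed input / too-small output. */
size_t percent_decode_safe(const char *s, size_t len, char *out, size_t outlen) {
    size_t j = 0;
    for (size_t i = 0; i < len; i++) {
        if (j + 1 >= outlen) return (size_t)-1;      /* no room for byte plus NUL */
        if (s[i] != '%') { out[j++] = s[i]; continue; }
        if (len - i < 3) return (size_t)-1;           /* "%" or "%X" at end of input */
        int hi = hexval(s[i + 1]), lo = hexval(s[i + 2]);
        if (hi < 0 || lo < 0) return (size_t)-1;      /* not a valid hex escape */
        out[j++] = (char)((hi << 4) | lo);
        i += 2;
    }
    out[j] = '\0';
    return j;
}

int main(void) {
    char buf[64];
    const char *url = "http://example.test/:%";   /* constructed input, ends in ":%" */
    size_t r = percent_decode_safe(url, strlen(url), buf, sizeof buf);
    printf("%s -> %s\n", url, r == (size_t)-1 ? "rejected (truncated escape)" : buf);
    return 0;
}
```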

[ SEE: Google Chrome vulnerabilities starting to pile up ]

Curiously, the user agent string of the fully patched version of Chrome (version 0.2.149.29) still reports WebKit 525.13 (Safari 3.1), meaning that Aviv Raff’s two-click PC takeover vulnerability is still unpatched.


I just tested Raff’s proof-of-concept that combines two flaws — one in Safari and one in Java — and was still able to execute code without warning. Strange.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

