
May 6th, 2009

Critical security hole in Google Chrome

Posted by Ryan Naraine @ 7:24 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Google, Google Chrome, Malware, Patch Watch, Reverse Engineering, Vulnerability research

Tags: Google Inc., Attacker, Web Browser, Google Chrome, Web Browsers, Security, Internet, Ryan Naraine

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities.

One of the two flaws carries a “critical” rating because of the risk of code execution with the privileges of the logged-on user.


Here are the details from this advisory:

  • CVE-2009-1441: Critical. A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.
  • CVE-2009-1442: High Risk. A failure to check the result of integer multiplication when computing image sizes could allow a specially-crafted image or canvas to cause a tab to crash and it might be possible for an attacker to execute arbitrary code inside the (sandboxed) renderer process.

Google Chrome updates are delivered silently, meaning that the browser patches itself without the user’s knowledge.
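
The class of bug described for CVE-2009-1442, as an added example that is not Chrome's code or part of the original post: an unchecked 32-bit multiplication of image dimensions wraps to a small size, while the checked version rejects the same input. The function names and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed cap for this example: refuse images larger than 256 MiB. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Defective pattern, kept only to show the wrap: the product is computed
 * modulo 2^32, so large dimensions yield a small byte count. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked size computation. Stores the byte count in *out and returns 0,
 * or returns -1 if a dimension is zero or the size would exceed max_bytes. */
int image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > max_bytes / bpp)   /* divide, so no intermediate can wrap */
        return -1;
    size_t row = (size_t)width * bpp;
    if (height > max_bytes / row)
        return -1;
    *out = row * height;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size has been validated. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (image_bytes_checked(width, height, bpp, MAX_IMAGE_BYTES, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed input: 65537 x 65537 pixels at 4 bytes per pixel. */
    void *buf = alloc_image(65537, 65537, 4);
    printf("unchecked size: %u bytes\n",
           (unsigned)image_bytes_unchecked(65537, 65537, 4));
    printf("checked alloc:  %s\n", buf ? "accepted" : "rejected");
    free(buf);
    return 0;
}
```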

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.



Talkback

How do I know if patch is applied?
So with this silent patching, how do I know if the patch has been applied?
Posted by: Chalfont Posted on: 05/12/09
