Google fixes four flaws in latest Chrome browser update
Google has fixed four flaws – including two critical ones – in its Chrome browser with the release of its latest update.
In addition to the two critical security flaws, a third security flaw was rated high, and researcher Martin Barbella received a $1000 bounty for reporting it. A fourth flaw was rated low. Hackers could use the critical security flaws to break out of the Chrome sandbox, according to French security firm Vupen.
“The vulnerabilities…related to GPU and blob handling are typical examples of critical vulnterabilities that can affect Chrome and can be exploited to execute arbitrary code outside the sandbox”, said Chaouki Bekar, Vupen's CEO and head of research, in an email reply to questions submitted by Computerworld. Bekar noted that there remain Chrome bugs that the firm identified last month that have not been patched. "The recent flaws we discovered in Chrome, including the sandbox bypass, remain unpatched and our exploit code works with version 11.0.696.71, too," he said.
- Wed, 2012-04-18 10:04
- Thu, 2012-03-22 07:16
- Mon, 2012-02-06 10:20