Google Chrome updated to patch security vulnerabilities

Google's Chrome web browser may be some way off dominating the competitive browser market, but it still has its ardent fans.

Those users should be aware that Google has released a new version of its Chrome web browser which fixes a number of security vulnerabilities.

Version 2.0.172.43 of Chrome fixes a high severity flaw in the V8 JavaScript engine which would allow maliciously-crafted JavaScript on a webpage to read unauthorised memory, bypassing security checks. It is possible that this could lead to unauthorised data being disclosed to an attacker or allow a malicious hacker to run code on your computer. Google has said it will make more details of the issue available once the majority of users are patched.

In addition, the update fixes another flaw labelled "high severity", whereby webpages using XML can cause a Google Chrome tab process to crash. Google says that this update prevents hackers from being able to exploit this vulnerability to run arbitrary code inside the Chrome sandbox.

Finally, the new version of Google Chrome will no longer connect to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.

More details of the latest update to Google Chrome are available on the Chrome Release blog. The update is being rolled out automatically to Chrome users.

Although nothing like as widely used as Internet Explorer or Firefox (the latest monthly stats about visitors to the Clu-blog tell me that 4.45% of you are using Chrome, as opposed to 44.3% on Internet Explorer and 37.36% on Firefox; Safari lies in third place at 10.29%), it's perfectly possible that users inside your organisation have unilaterally chosen to use Chrome as their default browser if you haven't implemented a policy to control which program your staff use to surf the net.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.