Google’s Chrome web browser may be some way off dominating the competitive browser market, but it still has its ardent fans.
Those users should be aware that Google has released a new version of its Chrome web browser which fixes a number of security vulnerabilities.
In addition, another flaw labelled “high severity” fixes a problem whereby webpages using XML can cause a Google Chrome tab process to crash. Google says that this update prevents hackers from being able to exploit this vulnerability to run arbitary code inside the Chrome sandbox.
Finally, the new version of Google Chrome will no longer connect to HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms. These algorithms are considered weak and might allow an attacker to spoof an invalid site as a valid HTTPS site.
More details of the latest update to Google Chrome are available on the Chrome Release blog. The update is being rolled out automatically to Chrome users.
Although nothing like as widely used as Internet Explorer or Firefox (the latest monthly stats about visitors to the Clu-blog tell me that 4.45% of you are using Chrome, as opposed to 44.3% on Internet Explorer and 37.36% on Firefox. Safari lies in third place at 10.29%), it’s perfectly possible that users inside your organisation have unilaterally chosen to use Chrome as their default browser if you haven’t implemented a policy to control which program your staff use to surf the net.