Top 5 Stories


Google fixes nine security flaws in updated Chrome browser

09 February 2011

Google said it fixed nine security flaws, including one deemed critical, in the latest version of its Chrome browser, version 9.

The critical flaw involved a “race condition in audio handling” that was uncovered by the gamers of Reddit, Google announced. That flaw can be exploited to bypass the Chrome sandbox, according to Vupen Security.

A sandbox is a security measure to separate running programs; it provides a controlled set of resources and prevents applications from accessing protected resources.

Two of the flaws were ranked as “high”, and six were labeled as “low.” Chrome paid $2,000 to Aki Helin of OUSPG who found the two “high” security flaws: a “use-after-free in image loading” and “crashing when printing in PDF event handler.”

Chrome’s fix comes as Google has announced it would pay $20,000 and a CR-48 notebook computer to anyone who could hack into Chrome at next month’s Pwn2Own hacking contest at CanSecWest. The organizers of Pwn2Own are predicting that Chrome will be hacked on the second day of the contest when the rules are changed, according to a report in Computerworld.

This article is featured in:
Application Security  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×