Google fixes four flaws in latest Chrome browser update

31 May 2011

Google has fixed four flaws – including two critical ones – in its Chrome browser with the release of its latest update.

In addition to the two critical security flaws, a third security flaw was rated high, and researcher Martin Barbella received a $1000 bounty for reporting it. A fourth flaw was rated low.

Hackers could use the critical security flaws to break out of the Chrome sandbox, according to French security firm Vupen.

“The vulnerabilities…related to GPU and blob handling are typical examples of critical vulnerabilities that can affect Chrome and can be exploited to execute arbitrary code outside the sandbox”, said Chaouki Bekar, Vupen's CEO and head of research, in an email reply to questions submitted by Computerworld.

Bekar noted that there remain Chrome bugs that the firm identified last month that have not been patched. "The recent flaws we discovered in Chrome, including the sandbox bypass, remain unpatched and our exploit code works with version 11.0.696.71, too," he said.

In a May 9 blog, Vupen wrote: “While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox.”

Google has fixed scores of security flaws in its Chrome browser this year. In March, Google fixed 23 security flaws with its Chrome 10 version and doled out $16,174 in bounties to security researchers. In April, it fixed 25 security flaws with its Chrome 11 version.
