Google patches two serious flaws in Chrome

The post said, "A flaw in the V8 Javascript engine might allow specially-crafted Javascript on a web page to read unauthorized memory, bypassing security checks. It is possible that this could lead to disclosing unauthorized data to an attacker or allow an attacker to run arbitrary code."

Google has rated this security risk as high, because a hacker could run malicious code within the Chrome browser.

The second flaw affects XML. Pages using XML can cause a Google Chrome tab process to crash. A malicious XML payload may be able to trigger a use-after-free condition. Other tabs are unaffected, said Jonathan Conradt, engineering program manager at Google.

Chris Evans of Google's security team said neither of the flaws have been rated as critical because Google Chrome uses a sandbox which prevents arbitrary code from directly running on a user's PC.
 

This article was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?