Google plugs three high-risk holes in latest Chrome browser

The three security holes plugged in Chrome 16.0.912.75 are use-after-free in animation frames, heap-buffer-overflow in libxml, and stack-buffer-overflow in glyph handling, Google said in a security update.

The company issued $2,000 in bug bounties, with $1,000 of that going to Mozilla researcher Boris Zbarsky. Apparently security trumps rivalry when it comes to browsers.

Google has also released a beta version of Chrome 17, the next major version of the browser. Chrome 17 is expected to include some new security features and improvements to web page loading speed.

On the security front, Google is improving Chrome’s Safe Browsing technology. The current version of Safe Browsing is designed to protect users against drive-by downloads and malicious links on sites. The new version will run a check on executables and other files downloaded from the web.

“Chrome now includes expanded functionality to analyze executable files (such as ‘.exe’ and ‘.msi’ files) that you download. If a file you download is known to be bad, or is hosted on a website that hosts a relatively high percentage of malicious downloads, Chrome will warn you that the file appears to be malicious and that you should discard it. We’re starting small with this initial beta release, but we’ll be ramping up coverage for more and more malicious files in the coming months”, wrote Dominic Hamon, a Google software engineer, in a blog post.
 
