IT security: Vulnerabilities in Google Chrome

The US Government's Cyber Security Bulletin released late last night includes notifications of security vulnerabilities in previous builds of Google Chrome.



Google Chrome is underpinned by Apple's Safari and includes some of the latter's quirks, especially in handling certain JavaScript controls.

However, there are no similar warnings relating to Safari.

The "high vulnerability" warnings related to Google Chrome are:

Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors.

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality.

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors.

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality.

Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers.

Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors.

Medium Vulnerability

Google Chrome 1.0.154.48 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs.

Vulnerabilities (medium or low) were also reported for Microsoft Internet Explorer and Firefox (the core of which is used by several other browsers, which were not mentioned).

Some of the reports are dated up to 9 days ago, and the recommended fix is, as always, to make sure that the latest version of the program is installed.
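One way to act on that advice across a fleet is to compare each installed Chrome build against 5.0.375.55, the fixed build named in the entries above. The following is an added example, not part of the bulletin; the host names and the inventory format are constructed for illustration. It compares the four version fields numerically, because a plain string comparison misorders builds such as 5.0.375.9 and 5.0.375.125.

```python
import re

# First fixed build named in the bulletin entries quoted above.
FIXED_BUILD = "5.0.375.55"
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")  # Chrome uses four numeric fields


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not a.b.c.d."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(installed, fixed=FIXED_BUILD):
    """True if installed is before the fixed build. Unparseable versions count
    as affected so they are reviewed rather than silently passed."""
    parsed = parse_version(installed)
    if parsed is None:
        return True
    return parsed < parse_version(fixed)


def triage(inventory_lines):
    """Split 'host,version' lines into (needs_update, ok) host lists."""
    needs_update, ok = [], []
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        (needs_update if is_affected(version) else ok).append(host.strip())
    return needs_update, ok


# Constructed sample inventory (hypothetical hosts, not from the bulletin).
SAMPLE_INVENTORY = """\
# host,chrome_version
ws-01,5.0.375.55
ws-02,5.0.375.9
ws-03,1.0.154.48
ws-04,5.0.375.125
ws-05,unknown
"""

if __name__ == "__main__":
    stale, current = triage(SAMPLE_INVENTORY.splitlines())
    print("needs update:", stale)
    print("up to date:  ", current)
```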

Apple announced the release of Safari 5.0 yesterday.
