msgbartop
All about Google Chrome & Google Chrome OS
msgbarbottom

24 Nov 11 Google Chrome Stable 15.0.874.121 Fixes JavaScript


Google has released Chrome Stable 15.0.874.121 for Windows, Mac, Linux and Chrome Frame platforms fixing a single JavaScript flaw. The flaw is identified as CVE-2011-3900 and is rated as being high impact by Google.

The flaw is an out-of-bounds write issue with the Chrome v8 JavaScript Engine. An out-of-bounds write, means that a process has privileges to write, where it should not be able to write. That extra privilege could potentially be exploited by an attacker to execute unauthorized remote code. Google has updated the v8 JavaScript engine to version 3.5.10.24 to correct the flaw.

The v8 flaw was discovered by security researcher Christian Holler, who was award $1,000 by Google for reporting the issue.

The Chrome Stable 15.0.874.121 update is the second security update from Google for Chrome in a week. On November 10, Google released Chrome Stable 15.0.874.120, fixing seven flaws, five marked as being high impact.

Over the short life of the Chrome 15 browser so far, Google has been very active. The first stable release of Chrome 15 came out at the end of October. The first release fixed over 27 flaws in Chrome, with Google paying out a record $26,511 in rewards to security researchers.

 

Read the full story at eSecurityPlanet:
Chrome Gets 2nd Critical Fix in a Week

Article source: http://www.internetnews.com/security/google-chrome-stable-15-fixes-javascript.html

Tags: , , ,

18 Nov 11 Google updates Chrome to fix browser flaw


Google updated Chrome this week, fixing a high-risk vulnerability that leaves outdated versions of the popular Web browser open to attack.

The updated browser, version 15.0.874.121, was released Wednesday (Nov. 16) to fix a flaw in V8, Chrome’s JavaScript engine. The security bug, if exploited, could allow an attacker to remotely execute malicious code on an infected system, Google wrote on its Chrome blog.

For identifying and reporting the error, Google paid researcher Christian Holler $1,000 in accordance with its bounty-hunting program for bugs.

This is the second Chrome update in the past week; on Nov. 10, Google fixed seven Chrome bugs, five of which were labeled high risk.

If you use Chrome, your browser should automatically update itself. To check, click on the wrench in the top right corner, next to the star symbol, and then choose “About Google Chrome.”

© 2011 SecurityNewsDaily. All rights reserved

Article source: http://www.msnbc.msn.com/id/45357749/ns/technology_and_science-security/

Tags: ,

18 Nov 11 Chrome Gets 2nd Critical Fix in a Week


It’s not often that a browser is updated for just a single vulnerability, but that’s exactly what is happening with Google Chrome today.

Google has released Chrome Stable 15.0.874.121 for Windows, Mac, Linux and Chrome Frame platforms fixing a single JavaScript flaw. The flaw is identified as CVE-2011-3900 and is rated as being high impact by Google.

The flaw is an out-of-bounds write issue with the Chrome v8 JavaScript Engine. An out-of-bounds write, means that a process has privileges to write, where it should not be able to write. That extra privilege could potentially be exploited by an attacker to execute unauthorized remote code. Google has updated the v8 JavaScript engine to version 3.5.10.24 to correct the flaw.

The v8 flaw was discovered by security researcher Christian Holler, who was award $1,000 by Google for reporting the issue.

The Chrome Stable 15.0.874.121 update is the second security update from Google for Chrome in a week. On November 10, Google released Chrome Stable 15.0.874.120, fixing seven flaws, five marked as being high impact.

Over the short life of the Chrome 15 browser so far, Google has been very active. The first stable release of Chrome 15 came out at the end of October. The first release fixed over 27 flaws in Chrome, with Google paying out a record $26,511 in rewards to security researchers.

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.

Article source: http://www.esecurityplanet.com/browser-security/chrome-gets-2nd-critical-fix-in-a-week.html

Tags: , , ,