Google Chrome 220.127.116.11 has been released to the Stable and Beta channels. This release fixes a critical security issue and two other networking bugs.
CVE-2009-2121: Buffer overflow processing HTTP responses
Google Chrome is vulnerable to a buffer overflow in handling certain responses from HTTP servers. A specially crafted response from a server could crash the browser and possibly allow an attacker to run arbitrary code.
More info: http://code.google.com/p/
chromium/issues/detail?id= 14508 (This issue will be made public once a majority of users are up to date with the fix.)
Severity: Critical. An attacker might be able to run code with the privileges of the logged on user.
Credit: This issue was found by the Google Chrome security team.
This release also fixes two other network issues:
- NTLM authentication to Squid proxies fails when trying to connect to HTTPS sites (Issue 8771)
- Browser crash when loading some HTTPS sites (Issue 13226)
Google Chrome Program Manager